Expert Advice Community

Guest

Risk assessment based on processes

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Risk assessment based on processes

How can I modify the risk assessment and treatment methodology, in order to not use asset-threat-vulnerability? Regarding Risk identification: I want to identify risks using processess, departments and category of assets - not individual assets.
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

Guest
AntonioS Jan 12, 2016

 

Answer:

Our methodology asset-based is very easy and useful because it focuses on each element that contains information. We only give support for our methodology. Anyway, if you want to focus on business processes (also you can focus on areas of responsibility), you can develop it with the following points:

1.- List the business process

2.- Identify the types of business risk

3.- List the general categories of technical risks and vulnerabilities

4.- Develop a rating scale for each technical risk category

5.- Perform the process analysis

6.- List the risk mitigation practices available for each process

7.- Define the mitigation cost

8.- Prioritize potential mitigation steps
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016