Expert Advice Community

Guest

Risk assessment based on processes

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Risk assessment based on processes

How can I modify the risk assessment and treatment methodology, in order to not use asset-threat-vulnerability? Regarding Risk identification: I want to identify risks using processess, departments and category of assets - not individual assets.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
AntonioS Jan 12, 2016

 

Answer:

Our methodology asset-based is very easy and useful because it focuses on each element that contains information. We only give support for our methodology. Anyway, if you want to focus on business processes (also you can focus on areas of responsibility), you can develop it with the following points:

1.- List the business process

2.- Identify the types of business risk

3.- List the general categories of technical risks and vulnerabilities

4.- Develop a rating scale for each technical risk category

5.- Perform the process analysis

6.- List the risk mitigation practices available for each process

7.- Define the mitigation cost

8.- Prioritize potential mitigation steps
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics

Guest user Created:   Jun 07, 2017 ISO 27001 & 22301
Replies: 1
0 0

Risk assessments

Guest user Created:   May 30, 2022 ISO 27001 & 22301
Replies: 3
0 0

Risk assessment question