Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Risk assessment for Information security

I hope you are well. I am going to carry out risks assessment for information security and we are PCI DSS compliant also. What is the best way to go about this. I also need a risk register.

0 0

Assign topic to the user

Select user

Guest

AntonioS Jan 12, 2016

There are many similarities between ISO 27001 and PCI-DSS, it can be useful for you. According to the requirement 12.2 of PCI-DSS, you need to implement a risk assessment process, so I suppose that you have a risk assessment methodology based on ISO 27005, OCTAVE, or similar. On this case, you can use the same methodology for the implementation of the ISO 27001 (for the risk assessment & treatment), but thinking on assets related to information security (taking into account the scope of the ISMS). You can read these 2 articles about ISO 27001 and PCI-DSS PCI-DSS vs. ISO 27001 Part 1 Similarities and Differences : https://advisera.com/27001academy/knowledgebase/pci-dss/ and PCI-DSS vs. ISO 27001 Part 2 Implementation and Certification: https://advisera.com/27001academy/knowledgebase/pci-dss/
Regarding to the risk register, if you want, you can try our methodology, there are templates for that you want (you can see a free version of all templates clicking on Free Demo tab): https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community