Risk assessment for Information security
There are many similarities between ISO 27001 and PCI-DSS, which can be useful for you. According to requirement 12.2 of PCI-DSS, you need to implement a risk assessment process, so I suppose that you have a risk assessment methodology based on ISO 27005, OCTAVE, or similar. In this case, you can use the same methodology for the implementation of ISO 27001 (for risk assessment and treatment), but thinking about assets related to information security (taking into account the scope of the ISMS). You can read these two articles about ISO 27001 and PCI-DSS: "PCI-DSS vs. ISO 27001 Part 1: Similarities and Differences": https://advisera.com/27001academy/knowledgebase/pci-dss/ and "PCI-DSS vs. ISO 27001 Part 2: Implementation and Certification": https://advisera.com/27001academy/knowledgebase/pci-dss/
Regarding the risk register, if you want, you can try our methodology; there are templates for what you want (you can see a free version of all templates by clicking on the Free Demo tab): https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/
Jan 12, 2016