Risk assessment for ISMS and BCMS
Answer:
Since the BIA relates Impact to Time, and the RA relates Impact to Likelihood, I'm assuming from your statement that the RA process used for the BIA is using a 1-4 scale, and the RA for the ISMS is using a 1-5 scale. Considering that, you have two options to consider in order to have comparable results:
1 - Adopt a single scale for the RA process used both for the BIA and for the ISMS
2 - Use a constant to convert the risk value used for the BIA to the ISMS and vice versa
Considering the second alternative, each risk value found using the 1-5 scale must be multiplied by 0.8 to find its equivalent risk value on the 1-4 scale. For the reverse path (i.e., converting a value from the 1-4 scale to the 1-5 scale), the constant to be used is 1.25.
This article can provide you further information regarding risk assessment and business impact analysis:
- Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
Apr 15, 2019