
Expert Advice Community


Risk Assessment Method

Guest user Created:   Feb 16, 2021 Last commented:   Feb 16, 2021


Can I use the CIS RAM as my Risk Assessment Method for implementing ISO 27001:2013? I feel very comfortable using that method but need to know if it is appropriate to use it with ISO 27001. Or is the best scenario to use ISO 27005:2018?


Expert
Rhand Leal Feb 16, 2021

Generally speaking, a risk assessment methodology compliant with ISO 27001 has these 5 elements:

  • risk identification
  • risk owner
  • likelihood
  • impact
  • risk level.

Provided CIS RAM can fulfill these requirements, it can be used in an ISO 27001 context.

We are not experts in CIS RAM, but based on the material provided by the Center for Internet Security (https://www.cisecurity.org/white-papers/cis-ram-risk-assessment-method/), this methodology seems too complex for beginners (please note that risk assessment is more useful when everyone in an organization can use it by themselves in a quick way, not depending upon a few persons).

To see a risk assessment methodology compliant with ISO 27001 that we consider simple to learn and use, please access this free demo template: https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/

These articles will provide information about risk management in ISO 27001:

This material will also help you regarding risk management:
