Expert Advice Community

Risk assessment methodologies

Guest user | Created: Apr 27, 2018 | Last commented: Apr 27, 2018

What is your opinion on FMEA risk assessment methodology? What is the simplest and easiest (acceptable) risk assessment methodology for ISMS?

Expert
Rhand Leal Apr 27, 2018

Answer: First it is important to note that ISO 27001 does not prescribe any specific methodology for an ISMS, so organizations are free to choose the methodology that best fits their needs.

The most used approach is the asset-based risk assessment. Regarding FMEA, it is a good approach when you have a clear understanding of the processes being assessed.

These articles will provide you with further explanation about risk assessment approaches:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/

These materials will also help you regarding risk assessment approaches:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
