Risk Assessment Methodology.
There is no specific methodology in ISO 27001 for the risk assessment (you can develop your own methodology), although this article can help you to write a basic risk assessment methodology “How to write ISO 27001 risk assessment methodology” : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
FEMA (Federal Emergency Management Agency) and FISMA (Federal Information Security Management Act) are basically regulations that are applicable only in the USA.
In most cases the risk assessment methodology chosen is asset-based, because it is the easiest, and common methodologies are CRAMM, OCTAVE and MAGERIT, but as you know, you can write your own methodology.
This article can be also interesting for you “ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification” : https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
Finally, these materials will help you more with risk assessment:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Aug 06, 2016