Risk assessment methodology
Assign topic to the user
Answer:
Basically if you want, you can develop your own methodology, and for this, you can use our recommendations, so this article can be interesting for you “How to write ISO 27001 risk assessment methodology” : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
By the way, our methodology for the risk assessment & treatment is based on 6 basic steps, which you can see here “ISO 27001 risk assessment & treatment - 6 basic steps” : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
Regarding the asset risk register, first you need to identify assets, and after identify risks related to these assets (according to previous articles). So, for the identification of assets thi s article can be also interesting for you “How to handle Asset register (Asset inventory) according to ISO 27001” : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Finally, these materials will help you to perform the risk assessment & treatment in your organization:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Comment as guest or Sign in
Aug 30, 2016