Risk assessment methodology for Organization in financial services

ISO 27001 does not prescribe a risk assessment methodology, but the most used approach is the asset-threat-vulnerability approach, which is applicable for any kind of organization.

This article will provide you an explanation about the asset-threat-vulnerability approach for risk assessment:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/01academy/emy/ademy/my/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/01academy/emy/ademy/my/knowledgebase/write-iso-27001-risk-assessment-methodology/

These materials will also help you regarding the asset-threat-vulnerability approach for risk assessment:
- Step-by-step explanation of ISO 27001 risk management (PDF) https://info.advisera.com/27001academy/free-download/step-by-step-explanation-of-iso-27001-risk-management
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/rols-plain-english/risk-management-in-plain-english/