I would like to know on risk assessment methodology for Organization in financial services, for new and existing IT assets.
Assign topic to the user
ISO 27001 does not prescribe a risk assessment methodology, but the most used approach is the asset-threat-vulnerability approach, which is applicable for any kind of organization.
This article will provide you an explanation about the asset-threat-vulnerability approach for risk assessment:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
These materials will also help you regarding the asset-threat-vulnerability approach for risk assessment:
- Step-by-step explanation of ISO 27001 risk management (PDF) https://info.advisera.com/27001academy/free-download/step-by-step-explanation-of-iso-27001-risk-management
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Comment as guest or Sign in
Jul 17, 2020