

Risk assessment questionnaire

Guest
Guest user Created:   Apr 12, 2017 Last commented:   Apr 12, 2017

Is there a questionnaire that I would give to each asset owner to answer, and with which I would be able to know all the necessary info to do a proper risk assessment? Is that plausible? Because if I did an interview I would ask the owner to explain his business process and look at all the aspects where an attacker could attack, but if it was an Excel sheet or an email questionnaire? Can that be done? Do you have any questionnaire examples?

Expert
Rhand Leal Apr 12, 2017

Answer: No. Although many questions are common, each questionnaire should also contain questions regarding the specific business process under assessment, and elaborating a single questionnaire to try to cover all possible questions is impractical. When you do an interview you adjust your questions "on the fly", depending on the interviewee's answers and your own perception. Questionnaires are useful when you need to gather specific information. When you do not have a focus to work on, it is better to use interviews.

Our ISO 27001 toolkits work with the asset-threat-vulnerability approach, using a risk assessment sheet which needs to be filled out, together with a video tutorial which explains how this is done, so in this case the use of a questionnaire is not really applicable with risk assessment. You can take a look at the free demo of our Risk Assessment Table at this link: https://advisera.com/27001academy/documentation/risk-assessment-table/

This article will provide you further explanation about risk assessment methods based on interviews, checklists and other tools:
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/

These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
