Guest post Created: Jan 12, 2016 Last commented: Jan 12, 2016

Risk Assessment Table

This in in reference to the: Appendix_1_Risk_Assessment_Table_EN spreadsheet. In preparation for filling in the Risk Assessment Table, I recognized that a particular asset say a "laptop" could have more than one threat, and by selecting any given threat there could be more than on vulnerability. How do you account for these multiple possibilities with each asset? the combinations seem like there could be many?

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

Todd,

This is true - if you have one asset and e.g. 3 threats related to this asset, and e.g. 2 vulnerabilities related to each threat, you will have a total of 6 risks for one asset only. If you have 100 assets, this would be 600 risks in total.

You have to determine the impact and likelihood for each of these risks, and if the risk is unacceptable, you have to determine which controls to use to decrease such risk.

Quote

0 0

Guest

Guest post Jan 12, 2016

Thanks.

So with that said, lets assume I see 3 threats related to each asset and several vulnerabilities as well, do I list the asset multiple times with the different threat/vulnerability combination next to each listing? Or, is there a way to reflect multiple threat/vulnerabilies?

Quote

0 0

Guest

DejanK Jan 12, 2016

You should list the asset multiple times with the different threat/vulnerability combination.

By the way, all this is described into detail in video tutorial called How to Implement Risk Assessment According to ISO 27001 - you have access to it in our Customer Portal.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community