Risk Assessment Table
Todd,
This is true - if you have one asset and e.g. 3 threats related to this asset, and e.g. 2 vulnerabilities related to each threat, you will have a total of 6 risks for one asset only. If you have 100 assets, this would be 600 risks in total.
You have to determine the impact and likelihood for each of these risks, and if the risk is unacceptable, you have to determine which controls to use to decrease such risk.
Thanks.
So with that said, let's assume I see 3 threats related to each asset and several vulnerabilities as well, do I list the asset multiple times with the different threat/vulnerability combination next to each listing? Or, is there a way to reflect multiple threats/vulnerabilities?
You should list the asset multiple times with the different threat/vulnerability combination.
By the way, all this is described in detail in the video tutorial called How to Implement Risk Assessment According to ISO 27001 - you have access to it in our Customer Portal.
Jan 12, 2016