Risk assessments
I purchased your ISO 27001 document toolkit, along with various books.
With regard to the risk assessment, it’s my first time doing this exercise – while the training & templates are useful, I am a little concerned I’m making it more complicated than it needs to be for a business of our size.
As with anything, there are levels of detail you can take it to, and I suspect I might be going too deep.
I was wondering if you had any real example risk assessments for a small/medium-sized *** company that you think are good and would be able to share with me (even if they are a little old)?
While the theory and examples are useful, I think seeing a real one would help me measure the depth required and if I’m on the right track.
Assign topic to the user
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now 
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now
As for a practical example of risk assessment, I suggest you take a look at this free downloadable material: Diagram of ISO 27001:2013 Risk Assessment and Treatment process (PDF) Diagram of ISO 27001:2013 Risk Assessment and Treatment process (PDF) https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
The diagram shows the ISO 27001 Risk Assessment and Treatment process, considering an asset – threat – vulnerability approach.
Please note that included with your toolkit there is access to a video tutorial that can help you understand and fill in the risk assessment and risk treatment tables, using real data as an example.
These articles will provide you a further explanation about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- Risk assessment tips for smaller companies https://advisera.com/27001academy/blog/2010/02/22/risk-assessment-tips-for-smaller-companies/
- ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
Comment as guest or Sign in
May 25, 2020