Expert Advice Community

Risk calculation

Guest user. Created: Oct 14, 2017. Last commented: Oct 14, 2017

We are getting closer to performing a risk assessment. My question to you is: what is the best practice to calculate the level of risk? Should likelihood and consequence be added or multiplied?
Expert
Rhand Leal Oct 14, 2017

Answer: For the purposes of a simple risk assessment, there is no difference if you add or multiply likelihood and consequence to calculate the risk. The difference would only make sense for statistical calculations, which are not required for simple risk assessment.

This article will provide you with further explanation about likelihood and consequence assessment:
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

These materials will also help you regarding likelihood and consequence assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
