Risk calculation and implemented controls
Answer: For determining the risk value, you must consider the current situation, i.e., including the influence of the controls currently implemented. If you do not do that, you may end up overestimating risks and wasting resources on handling an already acceptable risk.
This article will provide you with further explanation about risk assessment:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
These materials will also help you regarding risk calculation and implemented controls:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Feb 11, 2017