Risk interviews and workshops
Answer: These interviews are based on collecting all the information for the Risk assessment sheet - i.e. listing all the assets, vulnerabilities, threats, impact, likelihood, and risk owner. These materials will help you:
- article ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- article How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
- webinar The basics of risk assessment and treatment according to ISO 27001 https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
The other question is related to the training awareness for risk assessment to asset and risk owners - is there any material you have which can give examples or demonstrate what we need to cover in the training?
Answer: You should organize a workshop and teach them how to perform the whole process themselves. The best would be to take one department as an example, and list all the assets/threats/vulnerabilities for that department, as well as related impacts/likelihoods - this is partially explained in my book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Jul 16, 2016