Guest user Created: Sep 04, 2018 Last commented: Sep 04, 2018

Risk likelihood

If an incident has already occurred and is added to the risk register, what do we set the level of likelihood to? Do we calculate the likelihood of the impact of the risk re-occurring or set it to having a high likelihood as it's already occurred?

0 0

Assign topic to the user

Select user

Expert

Dejan Kosutic Sep 04, 2018

Answer:

First of all, you should record an incident in the Incident log, not in the Risk register - the purpose of Incident log is to record all the incidents from the past, while Risk register tries to anticipate the incidents from the future.

If an incident has already happened in the bust, then it has a much higher chance of happening in the future.

See also this article: How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

These materials will also help you regarding risk assessment:
- book ISO 27001 Risk Management in Plain English https://advise ra.com/books/iso-27001-risk-management-in-plain-english/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Sep 04, 2018

Expert Advice Community

Risk likelihood

Risk likelihood

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

Question on enterprise risk management framework

Consequence and Likelihood after Risk Treatment

Residual risk