Guest
Risk likelihood
If an incident has already occurred and is added to the risk register, what do we set the level of likelihood to? Do we calculate the likelihood of the impact of the risk re-occurring or set it to having a high likelihood as it's already occurred?
Expert
Dejan Kosutic
Sep 04, 2018
Answer:
First of all, you should record an incident in the Incident log, not in the Risk register - the purpose of the Incident log is to record all the incidents from the past, while the Risk register tries to anticipate the incidents from the future.
If an incident has already happened in the past, then it has a much higher chance of happening in the future.
See also this article: How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/