Risk likelihood

Guest user Created:   Sep 04, 2018 Last commented:   Sep 04, 2018

If an incident has already occurred and is added to the risk register, what do we set the level of likelihood to? Do we calculate the likelihood of the impact of the risk re-occurring or set it to having a high likelihood as it's already occurred?

Expert
Dejan Kosutic Sep 04, 2018

Answer:

First of all, you should record an incident in the Incident log, not in the Risk register - the purpose of the Incident log is to record all the incidents from the past, while the Risk register tries to anticipate the incidents from the future.

If an incident has already happened in the past, then it has a much higher chance of happening in the future.

See also this article: How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

These materials will also help you regarding risk assessment:
- Book: ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/
- Free online training: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
