Expert Advice Community

Home / ISO 27001 & 22301 / Risk Management Methodology 27001:2013

Guest

Risk Management Methodology 27001:2013

ISO 27001 & 22301
  Quote
Guest
Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Risk Management Methodology 27001:2013

ISO 27001 & 22301
How is the good practice and formulate risk assessment ? According to new version, now risk assessment refer to ISO 31000 however can we still use others methodology such NIST or 27005. Thanks
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.
Guest
Guest post Jan 12, 2016

For developing a methodology for risk assessment ISO 31000 is not very practical because it is very generic - it does not provide detailed guidance.

Therefore we recommend ISO 27005 because:
1) It is specific for information security management
2) It is much more practicable
3) It is fully compliant with ISO 31000

For details on risk assessment best practice please have a look on the following webinar for further information on risk assessment: https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Guest user Created:   Oct 28, 2022 ISO 27001 & 22301
Replies: 1
0 0

HIPAA vs ISO
Guest user Created:   Oct 17, 2022 ISO 27001 & 22301
Replies: 1
0 0

Question about certification requirements
Guest user Created:   Apr 16, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 implementation