Risk Management Methodology 27001:2013
For developing a methodology for risk assessment, ISO 31000 is not very practical because it is very generic - it does not provide detailed guidance.
Therefore, we recommend ISO 27005 because:
1) It is specific to information security management
2) It is much more practicable
3) It is fully compliant with ISO 31000
For details on risk assessment best practice, please have a look at the following webinar for further information on risk assessment: https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Jan 12, 2016