Risk standards comparison

Guest user Created:   Dec 09, 2016 Last commented:   Dec 09, 2016


I'd be interested to hear any useful comparisons to other risk standards such as FAIR or OCTAVE.


Expert
Rhand Leal Dec 09, 2016

Answer: In general, risk standards cover, at different levels of detail, the steps listed in ISO 31000: context establishment, risk identification, risk analysis, risk evaluation and risk treatment.

While ISO 31000 is more focused on the general risk management structure (it does not define specific methods, although you can find examples in ISO 31010), OCTAVE focuses on risk management at a strategic and planning level, and FAIR addresses security practice weaknesses. Another risk management framework I can mention is the one used by NIST (National Institute of Standards and Technology). Documents SP 800-30 and SP 800-37 are focused on helping implementation in US federal systems, presenting a great level of detail regarding risk levels, security and assurance controls.

The European Network and Information Security Agency (ENISA) has old, but still useful, content on Risk Management / Risk Assessment Methods: ENISA Inventory of Risk Management / Risk Assessment Methods: https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-ra-methods

These articles will provide you with further explanation about risk standards:
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
- How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/

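As an added illustration (not part of the original thread, and not code from ISO, OCTAVE, FAIR, NIST or ENISA), the script below runs one constructed risk scenario through two of the analysis styles contrasted in the answer above: an ordinal likelihood x impact matrix of the kind commonly used with ISO 27005 / ISO 31010, and a FAIR-style quantitative estimate in which loss event frequency (threat event frequency x vulnerability) is combined with loss magnitude in a Monte Carlo simulation. The scenario name, the (min, most likely, max) estimates, the 5x5 matrix thresholds and the PERT shape parameter are all assumptions made for this example; an organisation's own risk acceptance criteria and calibrated estimates would replace them.

```python
"""Added example: the same risk scenario analysed qualitatively and quantitatively.

Written for this page as an illustration; not a tool from any of the
standards bodies mentioned in the thread. All scenario numbers are constructed.
"""
import math
import random
import statistics

# --- Qualitative analysis: ordinal likelihood x impact matrix (ISO 27005 style) ---

def qualitative_risk(likelihood, impact):
    """Rate a risk on a 1..5 likelihood x 1..5 impact matrix.

    Returns (score, rating). The thresholds are an assumption for this example;
    in practice they come from the organisation's risk acceptance criteria.
    """
    for name, value in (("likelihood", likelihood), ("impact", impact)):
        if value not in range(1, 6):
            raise ValueError(f"{name} must be an integer 1..5, got {value!r}")
    score = likelihood * impact
    if score >= 15:
        return score, "High"
    if score >= 8:
        return score, "Medium"
    return score, "Low"

# --- Quantitative analysis: FAIR-style loss event frequency x loss magnitude ---

def pert(rng, low, mode, high, lam=4.0):
    """Draw from a PERT distribution (a beta distribution rescaled to [low, high]
    and shaped by the most-likely value). lam=4 is the conventional default."""
    if not low <= mode <= high:
        raise ValueError("expected low <= mode <= high")
    if high == low:
        return float(low)
    alpha = 1.0 + lam * (mode - low) / (high - low)
    beta = 1.0 + lam * (high - mode) / (high - low)
    return low + rng.betavariate(alpha, beta) * (high - low)

def poisson(rng, rate):
    """Number of events in one year for a Poisson process with the given rate
    (Knuth's multiplication method; adequate for the small rates used here)."""
    limit = math.exp(-rate)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def fair_simulate(scenario, iterations=20000, seed=2016):
    """Monte Carlo estimate of annualised loss for one scenario.

    scenario holds (min, most likely, max) triples for:
      tef  - threat event frequency, events per year
      vuln - probability that a threat event becomes a loss event
      loss - loss magnitude per loss event, in currency units
    Loss event frequency (LEF) = TEF x vulnerability, as FAIR defines it.
    """
    rng = random.Random(seed)  # seeded so results are reproducible
    annual_losses = []
    for _ in range(iterations):
        tef = pert(rng, *scenario["tef"])
        vuln = pert(rng, *scenario["vuln"])
        events = poisson(rng, tef * vuln)
        annual_losses.append(sum(pert(rng, *scenario["loss"]) for _ in range(events)))
    annual_losses.sort()

    def pct(q):
        return annual_losses[int(round(q * (len(annual_losses) - 1)))]

    return {
        "mean": statistics.fmean(annual_losses),
        "p10": pct(0.10), "p50": pct(0.50), "p90": pct(0.90),
        "max": annual_losses[-1],
        "p_zero_loss": sum(1 for x in annual_losses if x == 0.0) / len(annual_losses),
    }

# Constructed scenario (assumption): credential stuffing against a customer portal.
CREDENTIAL_STUFFING = {
    "tef": (2, 6, 20),                 # campaigns per year (min, likely, max)
    "vuln": (0.05, 0.15, 0.40),        # chance a campaign yields a loss event
    "loss": (5_000, 25_000, 200_000),  # cost per loss event
}
CREDENTIAL_STUFFING_MATRIX = (4, 3)    # the same scenario as matrix inputs (assumed)

def compare(scenario=CREDENTIAL_STUFFING, matrix_inputs=CREDENTIAL_STUFFING_MATRIX):
    """Return both views of one scenario: an ordinal rating and a loss distribution."""
    score, rating = qualitative_risk(*matrix_inputs)
    return {"qualitative": {"score": score, "rating": rating},
            "quantitative": fair_simulate(scenario)}

if __name__ == "__main__":
    result = compare()
    print("Matrix rating :", result["qualitative"])
    q = result["quantitative"]
    print("Annual loss   : mean %.0f  p10 %.0f  p50 %.0f  p90 %.0f  max %.0f  P(no loss) %.2f"
          % (q["mean"], q["p10"], q["p50"], q["p90"], q["max"], q["p_zero_loss"]))
```

The point of putting both on one scenario is that the matrix collapses it to a single word that cannot be added to other risks or compared with a control's cost, while the simulation gives a distribution (including how often a year produces no loss at all) that can be set against treatment options. Neither is "right"; the answer above is that the standards differ in how much of this detail they ask for.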
