Expert Advice Community

Guest

Risk Treatment

  Quote
Guest
Guest user Created:   Jun 15, 2020 Last commented:   Jun 15, 2020

Risk Treatment

I am very new in this field (IT Security ISO 27001) and my biggest issue is to understand how can I improve my knowledge and use for the praxis because I have good knowledge about ISO27001 but I don't have any idea how can in use that in praxis.

For example when I have scope and SoA documents how can I implement to the praxis with help from ISO 27001 and create a risk analysis, Risk treatment, and so on.

It would be very grating if you have some advice for me.

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 15, 2020

To improve your knowledge about putting ISO27001 in practice I suggest you read our blog posts and papers because most of them include real examples on how to fulfill requirements of the standard or apply controls. A good general guide is these free download:

Besides the explanation in the papers themselves, they include links to detailed articles.

Regarding your example, please note that the Statement of Applicability is part of the risk management process required by ISO 27001, and it is created after risk analysis and risk treatment. The correct sequence of your example is:

  • ISMS scope: where you define which information you want to protect and where it is located
  • Risk analysis: the identification of relevant risks that can negatively impact your scope
  • Risk treatment: the definition of the general approach to treat relevant risks (e.g., risk mitigation, risk avoidance, risk acceptance, and risk transfer)
  • SoA: where you identify the controls that are considered applicable for you ISMS, the justification for include such controls, the justification for not including some of the controls of ISO 27001 Annex A (if necessary), and the implementation status of applicable controls.

These articles will provide you a further explanation about risk management according to ISO 27001 and implementation steps:

These materials will also help you regarding ISO 27001:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 15, 2020

Jun 15, 2020