Expert Advice Community

Risk treatment options

Guest user | Created: Nov 19, 2016 | Last commented: Nov 19, 2016

  1. If I was to find security risks and vulnerabilities, what type of methods and security configurations would be appropriate to protect and prevent impact to systems?
  2. Also, what types of ways can I implement and design ISMS to comply with ISO 27001?

Expert
Rhand Leal Nov 19, 2016

If I was to find security risks and vulnerabilities, what type of methods and security configurations would be appropriate to protect and prevent impact to systems?

According to the results of the Risk Assessment, one or more of the following treatments should be considered:

- Decrease the risk: implementation of controls to reduce probability of occurrence and/or impact of the risk, thus reducing overall risk (e.g., antivirus decreases the probability to get infected by malware, and backup decreases the impact of data loss)
- Avoid the risk: stop performing the activity that causes the risk (e.g., ban BYOD because the risks of unauthorized access to the device are too high)
- Share the risk: transfer the risk to another party (e.g., buy an insurance policy for your house against fire)
- Retain the risk: accept the risk as it is, because you have no other viable alternative to apply.

This article will provide you further explanation about risk treatment:
- 4 mitigation options in risk treatment according to ISO 27001 http://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/

Also, what types of ways can I implement and design ISMS to comply with ISO 27001?

Generally speaking, you may have three implementation alternatives to consider:

- Implementation using your own employees: you do not use any external help, only the knowledge and the capacity of your own employees.
- Using a consultant: you hire an expert from outside the organization who has experience with the implementation.
- Implementation on your own with external support: your employees do most of the implementation, getting help only on specific issues from an external party.

This article will provide you further explanation about ISMS implementation alternatives:
- 3 strategies to implement any ISO standard https://advisera.com/articles/3-strategic-options-to-implement-any-iso-standard/

These materials will also help you regarding risk treatment and ISMS implementation alternatives:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/
