Expert Advice Community

Guest

Risk treatment options

  Quote
Guest
Guest user Created:   Nov 19, 2016 Last commented:   Nov 19, 2016

Risk treatment options

  1. If I was to find security risks and vulnerabilities, what type of methods and security configurations would be appropriate to protect and prevent impact to systems?
  2. Also, what types of ways can I implement and design ISMS to comply with ISO 27001?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 19, 2016

If I was to find security risks and vulnerabilities, what type of methods and security configurations would be appropriate to protect and prevent impact to systems?

According to the results of the Risk Assessment, one or more of the following treatments should be considered:
- Decrease the risk: implementation of controls to reduce probability of occurrence and/or impact of the risk, thus reducing overall risk (e.g., antivirus decreases the probability to get infected by malware, and backup decreases the impact of data loss)
- Avoid the risk: stop performing the activity that causes the risk (e.g., ban BYOD because the risks of unauthorized access to the device are too high)
- Share the risk: transfer the risk to another party (e.g., buy an insurance policy for you house against fire)
- Retain the risk: accept the risk as it is, because you have no other viable alternative to apply.
This article will provide you further explanation about risk treatment:
- 4 mitigation options in risk treatment according to ISO 27001 http:/ /advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/

Also, what types of ways can I implement and design ISMS to comply with ISO 27001?

Generally speaking, you may have three implementation alternatives to consider:
- Implementation using your own employees: you do not use any external help, only the knowledge and the capacity of your own employees.
- Using a consultant: you hire an expert from outside the organization who has experience with the implementation
- Implementation by your own with external support: your employees do most of the implementation, getting help only on specific issues from an external party
This article will provide you further explanation about ISMS implementation alternatives:
- 3 strategies to implement any ISO standard https://advisera.com/log/2016/04/11/3-strategic-options-to-implement-any-iso-standard/
These materials will also help you regarding risk treatment and ISMS implementation alternatives:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 19, 2016

Nov 19, 2016

Suggested Topics

Guest user Created:   Jul 02, 2020 ISO 27001 & 22301
Replies: 1
0 0

Risk treatment options

Guest user Created:   Apr 12, 2017 ISO 27001 & 22301
Replies: 1
0 0

Risk treatment options

Guest user Created:   Apr 22, 2020 ISO 27001 & 22301
Replies: 4
0 0

Questions about risk