Risk treatment plan
Good evening, I am drafting a security plan for the information assurance of an institution's computer platform. I would like to know the correct way to generate the necessary studies and the reports of recommendation and applicability for the respective assurance.
I'm assuming you are elaborating a risk treatment plan. Considering ISO 27001, the process to create a risk treatment plan is:
- develop a risk assessment and risk treatment methodology
- perform risk assessment
- perform risk treatment
- develop the risk assessment and risk treatment report
- develop the statement of applicability
- develop the risk treatment plan
These articles will provide you further explanation about Risk assessment and treatment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
To see what documents used in a risk assessment and risk treatment process look like, I suggest you take a look at the free demo of our ISO 27001/ISO 22301 Risk Assessment Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/
These materials will also help you regarding Risk assessment and treatment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Mar 06, 2020