Expert Advice Community

Scenario based risk assessment

Brian Created:   Nov 12, 2019 Last commented:   Nov 13, 2019

What is the key difference between an asset-threat-vulnerability assessment and a scenario based assessment? Don't you end up pulling threats and vulns through into any scenario by default?

Expert
Rhand Leal Nov 13, 2019

The key difference is that, while in the asset-threat-vulnerability assessment you start by identifying the elements that lead to a risk, in the scenario-based assessment you start with the risk situation and then go for the elements that can lead to such risk.

The main advantage of scenario-based assessment is that users are more prone to identify risk situations than elements that lead to them. This leads to quicker risk identification. The drawback is that elements that can lead to the same risk are missed and the risk identification becomes incomplete, leading to a false sense of safety (this situation is prevented by using asset-threat-vulnerability assessment, but it takes longer to identify relevant risk because you have to try several different combinations of assets).

A good approach would be to start with scenario-based assessment to identify some relevant assets, threats, and vulnerabilities, and after that expand this list of elements and work on them to try to identify new risks.

This article will provide you with further explanation about risk identification:
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/

This material will also help you regarding information security risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
