
Expert Advice Community

Scenario based risk assessment

Brian Created:   Nov 12, 2019 Last commented:   Apr 05, 2022


What is the key difference between an asset-threat-vulnerability assessment and a scenario based assessment? Don't you end up pulling threats and vulns through into any scenario by default?
Expert
Rhand Leal Nov 13, 2019

The key difference is that, while in the asset-threat-vulnerability assessment you start by identifying the elements that lead to a risk, in the scenario-based assessment you start with a risk situation and then go for the elements that can lead to such a risk.

The main advantage of scenario-based assessment is that users are more prone to identify risk situations than elements that lead to them. This leads to quicker risk identification. The drawback is that elements that can lead to the same risk are missed and the risk identification becomes incomplete, leading to a false sense of safety (this situation is prevented by using asset-threat-vulnerability assessment, but it takes longer to identify relevant risk because you have to try several different combinations of assets).

A good approach would be to start with scenario-based assessment to identify some relevant assets, threats, and vulnerabilities, and after that expand this list of elements and work on them to try to identify new risks.

This article will provide you with further explanation about risk identification:
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/

This material will also help you regarding information security risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

Guest
zohair Apr 05, 2022

good
