Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Use old ISO 27001:2005 format for assessing the risks

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Use old ISO 27001:2005 format for assessing the risks

VAPT or Risk analysis or risk treatment method has been changed or same as like 2005. Can I use old format for assess the asset register or i have to changed Kindly provide me guideline.
0 0

Assign topic to the user

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

Guest
DejanK Jan 12, 2016

2013 revision of ISO 27001 gives you a greater freedom in performing the risk assessment, but you can certainly use the principle from 27001:2005 where risks were identified based on assets, threats and vulnerabilities. The only thing you have to do extra because of 2013 revision is that you need to identify the risk owner for each risk.

You can learn more in this article: Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics

Ash Created:   Jan 21, 2024 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 Internal Audits

ISO Created:   Dec 26, 2023 ISO 27001 & 22301
Replies: 1
0 0

Information Security Goals