Use old ISO 27001:2005 format for assessing the risks
The 2013 revision of ISO 27001 gives you greater freedom in performing the risk assessment, but you can certainly use the principle from 27001:2005 where risks were identified based on assets, threats and vulnerabilities. The only extra thing you have to do because of the 2013 revision is to identify the risk owner for each risk.
You can learn more in this article: Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
Jan 12, 2016