Using risks instead of threats

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

I think in the 27001:2013 version we are not using the word threats; we are using risk instead of threats. Kindly correct me if I'm wrong.
DejanK Jan 12, 2016

Risk is different from threat: risk is "an uncertain event or condition that, if it occurs, has an effect on at least one objective", while threat is "potential cause of an unwanted incident, which may result in harm to a system or organization". So for instance, the threat is a computer virus, and the risk is the loss of all the information on your computer.

It is true that ISO 27001:2013 does not require the identification of threats any more, but this is in my opinion still the best methodology - read more here: Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
