Guest
Using scales for calculating risk
If you are using scale (say 1 to 5 FOR IMPACT AND LlKELYHOOD) then computing Risk is easy by adding I + L or multiplying. But if you are using scale as medium, High and Low how you will compute Risk? Looking forward for your guidance.
Assign topic to the user
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now 
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now
If you are using scale as High, Medium and Low for impact and Likelihood, syou can use a table like this:
Low Medium High
Low LOW LOW MEDIUM
Medium LOW MEDIUM HIGH
High MEDIUM HIGH HIGH
In the table you just cross the impact with the likelihood (for example, columns are the impact, and rows are the likelihood), and in this way get the result of the risk. For example: I= High and L=High; Risk= HIGH, I=Medium and L=High; Risk=HIGH
Alternative (and simpler) way would be to use the following values: Low = 0, Medium = 1, and High =2; and addition as a way to calculate the risk. So if the I = 2, and L = 1, th en the Risk = 3.
Also this article can help you: How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016