Take the ISO 27001 course exam and get the
EU GDPR course exam for free
LIMITED-TIME OFFER – ENDS SEPTEMBER 29, 2022

Expert Advice Community

Guest

Using scales for calculating risk

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Using scales for calculating risk

If you are using scale (say 1 to 5 FOR IMPACT AND LlKELYHOOD) then computing Risk is easy by adding I + L or multiplying. But if you are using scale as medium, High and Low how you will compute Risk? Looking forward for your guidance.
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT

Document the results of the risk management process.

ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT

Document the results of the risk management process.

Guest
DejanK Jan 12, 2016

If you are using scale as High, Medium and Low for impact and Likelihood, syou can use a table like this:

                 Low          Medium     High
Low           LOW        LOW          MEDIUM
Medium     LOW        MEDIUM    HIGH
High          MEDIUM  HIGH         HIGH

In the table you just cross the impact with the likelihood (for example, columns are the impact, and rows are the likelihood), and in this way get the result of the risk. For example: I= High and L=High; Risk= HIGH, I=Medium and L=High; Risk=HIGH

Alternative (and simpler) way would be to use the following values: Low = 0, Medium = 1, and High =2; and addition as a way to calculate the risk. So if the I = 2, and L = 1, th en the Risk = 3.

Also this article can help you: How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics