How to do a risk assessment for ISO 27001

To meet ISO 27001 certification requirements, your ISO 27001 risk assessment procedure should follow these steps:

Choose your risk management approach

What is your company’s acceptable level of risk? How will you estimate likelihood and impact? How will you identify and respond to information security risk? In general, there are two approaches to risk assessment: qualitative and quantitative. With a qualitative approach, you’ll go through different scenarios and answer “what if” questions to identify risks. A quantitative approach uses data and numbers to define levels of risk. Some common risk management frameworks include ISO 27005:2018, OCTAVE, and NIST SP 800-30 Revision 1. Whichever approach or methodology you choose, company management should be closely involved in this process.