
SIG-ISM has published a white paper on risk management.

A reference to ISO 27001 chapter 5 (Leadership) should be added here, specifically detailing how the organization addresses risk responsibilities and residual risks.


Risk assessment process

The risk assessment process can be divided into the following activities:

  1. Mapping of information assets and value assessment
  2. Mapping of existing safeguards
  3. Mapping of risk elements
  4. Assessment of risk level (consequence and probability)
  5. Controls in relation to risk factors
  6. Categorization and prioritization of controls
  7. Approval of controls
  8. Risk treatment. Implementation and follow-up of controls

Activities 2 to 5 are usually done in a risk assessment workshop.
