Use a well-grounded methodology that can produce repeatable results...
Risk Assessment Methodology and Report
We can assist you with developing a Risk Assessment Methodology that aligns with the ISO 27001 requirements. We can also perform the Assessment utilizing the methodology and produce the Risk Assessment Report.
Methodology:
We will work to ensure that your existing methodology produces the required results, especially where an enterprise-level risk management framework is already in place. Alternatively, we can produce a methodology that conforms to the requirements and expectations of ISO 27001, based on the ISO 27005 standard or another recognized approach. The basic methodology should cover:
Identification of security risks:
- Identify mission-critical primary and secondary assets
- Assess the security impact(s)
- Produce a list of rated threats and their sources
- Identify existing controls
- Produce a list of rated vulnerabilities
- Identify possible incident scenarios
Risk Analysis:
- Assess the likelihood of each incident
- Assess the consequences
- Determine the level of each risk
Risk Evaluation:
- Compare the list of risks with the established criteria
- Identify risk treatment options
- Produce a prioritized list of risks
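The three stages above (identification, analysis, evaluation) can be carried through on a small risk register to show how the pieces fit together. The code below is an added illustration, not the consultancy's methodology or any text from ISO 27005: the 3-point rating scale, the rule that an existing control lowers likelihood by one step, the likelihood x consequence product, the acceptance threshold of 2, and the sample scenarios are all assumptions constructed for the example. The four treatment options it maps to (modify, retain, avoid, share) are the ones ISO 27005 names.

```python
from dataclasses import dataclass

# Assumed 3-point ordinal scale for threat, vulnerability and consequence ratings.
RATING = {"low": 1, "medium": 2, "high": 3}

# Assumed evaluation criterion: a risk level at or below this value is retained.
ACCEPTANCE_THRESHOLD = 2


@dataclass(frozen=True)
class Scenario:
    """One incident scenario produced by the identification stage."""
    asset: str
    threat: str
    vulnerability: str
    threat_rating: str
    vulnerability_rating: str
    consequence_rating: str
    existing_controls: tuple = ()   # controls already in place for this scenario


def assess_likelihood(s: Scenario) -> int:
    """Likelihood 1..3. Assumed rule: an incident needs both a capable threat and an
    exploitable vulnerability, so take the weaker of the two ratings, then drop one
    step if any existing control applies (never below 1)."""
    base = min(RATING[s.threat_rating], RATING[s.vulnerability_rating])
    return max(1, base - (1 if s.existing_controls else 0))


def assess_risk_level(s: Scenario) -> int:
    """Risk level 1..9 as likelihood multiplied by consequence (assumed scale)."""
    return assess_likelihood(s) * RATING[s.consequence_rating]


def treatment_option(s: Scenario) -> str:
    """Compare the risk level with the criteria and pick an ISO 27005 treatment option."""
    level = assess_risk_level(s)
    if level <= ACCEPTANCE_THRESHOLD:
        return "retain"
    if level >= 6:
        return "avoid or share"          # assumed: top band needs more than added controls
    return "modify"                      # reduce with additional controls


def prioritized_register(scenarios) -> list:
    """Build the prioritized list of risks: highest risk level first, ties broken by
    consequence so the scenarios that hurt most are treated first."""
    rows = [
        {
            "asset": s.asset,
            "scenario": f"{s.threat} via {s.vulnerability}",
            "likelihood": assess_likelihood(s),
            "consequence": RATING[s.consequence_rating],
            "risk_level": assess_risk_level(s),
            "treatment": treatment_option(s),
        }
        for s in scenarios
    ]
    rows.sort(key=lambda r: (-r["risk_level"], -r["consequence"], r["asset"]))
    return rows


# Constructed sample scenarios for a fictitious organization (not real findings).
SAMPLE_SCENARIOS = (
    Scenario("customer database", "ransomware", "unpatched file server",
             "high", "high", "high"),
    Scenario("customer database", "insider data theft", "overly broad access rights",
             "medium", "high", "high", existing_controls=("quarterly access review",)),
    Scenario("backup tapes", "loss in transit", "tapes not encrypted",
             "medium", "medium", "medium"),
    Scenario("office printer", "theft", "unlocked office after hours",
             "low", "medium", "low"),
)


if __name__ == "__main__":
    for row in prioritized_register(SAMPLE_SCENARIOS):
        print(f"{row['risk_level']:>2}  {row['treatment']:<14} {row['asset']}: {row['scenario']}")
```

Running the block prints the register in priority order: the ransomware scenario lands at the top (likelihood 3, consequence 3, level 9), the insider scenario is pulled down to level 3 because an existing control is credited, and the printer scenario falls under the acceptance threshold and is retained. In a real engagement the scales, the control credit and the threshold are exactly the items the methodology document has to define and justify, so that two assessors rating the same scenario reach the same level.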
Expected Outcome(s):
A Risk Assessment Report that conforms to ISO 27001. We will perform the Risk Assessment and ensure that it produces the results needed to identify security risks and to align with the security controls outlined in ISO 27002.