The Basics of Risk Assessment and Treatment According To ISO 27001 Presentation Deck
Risk management (ISO 27005)
Safeguards (ISO 27002)
Measurement (ISO 27004)
[Diagram labels: Risk assessment methodology; Mandatory procedures; Risk assessment; Analyze and assess; Risk treatment; Statement of Applicability; Risk treatment plan; Risk identification; Risk analysis; Risk owner]
• Examples:
• Hardware
• Software
• Information (electronic, paper etc.)
• Infrastructure
• People!
• etc.
• Identification of asset owners
©2018 27001Academy www.advisera.com/27001academy 9
Threats – What can happen?
Examples:
• Fire
• Earthquake
• Computer viruses
• Bomb threat
• Equipment malfunction
• Key people leaving the company
Examples:
• Lack of fire-extinguishing system
• Lack of business continuity plans
• Lack of anti-virus software
• Lack of incident response procedures
• Obsolete equipment
• Lack of replacement
• Apply appropriate controls
• Accept risks
Dejan Kosutic
Thank you!
www.advisera.com/27001academy/webinars