6.1.2 Information security risk assessment

Control details

Requirement

For copyright reasons, this space does not contain citations from the Standard.

Instruction

Write down the organization's method for risk analysis.

Think:

  1. How often/when is the risk analysis executed?
  2. Who will be performing the risk analysis?
  3. What metrics will be used?
  4. When is a risk required to be mitigated and when can it be accepted?
  5. Who will own the risk?
  6. Who can accept a risk?

Implementation

Our risk assessment process is based on SPRINT and is defined here: Risk assessment and treatment process.


Check details

Owner: /wiki/spaces/DEMO/pages/5670182
Frequency: Year
Instruction

Is the risk assessment process still accurate? Are the risk levels of the identified risks assigned according to the process?

Is the implementation still accurate? Consult with management if needed. Report any findings below in the comments, or upload proof as attachment to this page.
