CHAPTER 10: SCENARIO-BASED RISK ASSESSMENT
While asset-based risk assessment is a perfectly valid approach to risk assessment, it is not the only method, nor is it necessarily the best or the easiest. For some organisations, an asset-based risk assessment may be unnecessarily detailed, too time-consuming, or simply unfeasible for the specific risks that the organisation faces.
You should note, however, that BS 7799-3 does not favour one method over the other and, in fact, considers them fundamentally identical, stating:
An event is the action of a threat exploiting a vulnerability. […] The consequence is the result of the event […] which in the asset-threat-vulnerability method is the asset and the nature of the compromise. In this sense, both ...
Get Information Security Risk Management for ISO 27001/ISO 27002, third edition now with the O’Reilly learning platform.