CHAPTER 11: LIKELIHOOD
Each of the preceding stages of the risk assessment has a relatively high degree of certainty about it. The vulnerabilities should be capable of technical, logical or physical identification. The way in which threats might exploit them should also be mechanically demonstrable. The decisions that have to be made are those that relate to the actions the organisation will take to counter those threats. Before that, however, there needs to be an assessment as to the likelihood of the event, and what the appropriate response to it will be. This means that the actual risks have now to be assessed and related to the organisation’s overall ‘risk appetite’ – that is, its willingness to take risks.
Risk analysis
ISO27001 (clause ...
Get Information Security Risk Management for ISO27001/ISO27002 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.