CHAPTER 11: LIKELIHOOD

Each of the preceding stages of the risk assessment has a relatively high degree of certainty about it. The vulnerabilities should be capable of technical, logical or physical identification. The way in which threats might exploit them should also be mechanically demonstrable. The decisions that have to be made are those that relate to the actions the organisation will take to counter those threats. Before that, however, there needs to be an assessment as to the likelihood of the event, and what the appropriate response to it will be. This means that the actual risks have now to be assessed and related to the organisation’s overall ‘risk appetite’ – that is, its willingness to take risks.

Risk analysis

ISO27001 (clause ...

Get Information Security Risk Management for ISO27001/ISO27002 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.