
Information Security Risk Management for ISO27001/ISO27002 by Steve Watkins, Alan Calder


CHAPTER 12: RISK LEVEL

Risk level – the output of the risk equation that we discussed earlier – is a function of impact and likelihood (probability). The final step in the risk assessment exercise is to assess the risk level for each impact and to transfer the details to the corporate asset inventory.

Three levels of risk assessment are usually adequate: low, medium and high. Where the likely impact is low and the probability is also low, then the risk level could be considered very low. Where the impact is at least high and the probability is also at least high, then the risk level might (depending on the design of the risk matrix) be either high or very high.

Every organisation has to decide for itself what it wants to set as the thresholds ...
