The Risks Of Risk Assessment

1009 words, Nov 18th, 2016, 5 pages
The policy does not exist. However, the risk assessment identified many risks that need to be addressed. Therefore, a policy is needed to address the risks found.

On page 7 of the risk assessment it is stated that SHGTS has never had a risk assessment before. This means that there was no policy in place to address the need for one.

Section 4.1 of ISO 27002:2005 says that risk assessment needs to be done periodically in a methodical manner (ISO/IEC 27002, 2005).

Since the policy does not exist, the organization's acceptable risk posture is not defined in any such policy either.

The risk assessment discusses different levels of risk in the findings section on page 19. However, acceptable risk was not determined.

Section 4.2 of ISO 27002:2005 says that the acceptability of risk should be determined. It says that a low-level risk that is not cost-effective to treat can be accepted. This calls for an acceptable risk posture for the organization to be included in the policy (ISO/IEC 27002, 2005).

This policy does not exist, so the details of the risk assessment had no policy to reside in.

On pages 21-22 of the risk assessment, recommendations were made that details be provided for sections of the risk assessment.

Section 4.1 of ISO 27002:2005 recommends that risk assessment be done periodically to identify risk and choose a correct way to handle it. This justifies its inclusion in the policy (ISO/IEC 27002, 2005).

Since a policy does not exist,…

