controls assessment
Generally there are security controls implemented before the risk assessment, so during the risk assessment you need to evaluate risks considering that these controls are implemented.
The contribution of existing controls implemented is measured through decreased likelihood, and sometimes through decreased impact.
If you have numerous controls that are implemented, you have to take into account their aggregate effect on the impact and likelihood of the risk; this means you have to list all the controls that are implemented and take all of them into consideration when assessing the impact and likelihood.
This article about residual risk may be interesting for you: "Why is residual risk so important?" https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
Jan 13, 2016