Risk Assessment for Asset Owners by Steve Watkins, Alan Calder

CHAPTER 10: RISK TREATMENT AND CONTROL SELECTION

ISO27001 specifies that only once you have completed the risk assessment can you move on to the selection of controls. There are four control selection choices in what is known as ‘risk treatment’.

The four risk treatment decisions that can be made are:

• Accept the risk

• Eliminate the risk by work-around or other arrangements

• Control the risk to bring it to an acceptable level

• Transfer it to a third party (e.g., via insurance)

The criterion that is used in making the decision is simple: either the risk is within the organization’s pre-determined, board-approved risk tolerance level, in which case it is accepted, or it is not, in which case it must be avoided, controlled or transferred. ...