ISO 27001 for JumboKing Burger - Risk Assessment sheet

#1
Can anyone help with the scenario mentioned below:
Assume that you are doing ISO 27001 for JumboKing Burger. Please design a Risk Assessment sheet, then make a Statement of Applicability for JumboKing Burger. Prioritize risks in descending order considering inherent risk value and significance in today's global industrial scenario.
 

Richard Regalado

Trusted Information Resource
#2
Information: JumboKing Burger recipe
Risk: The recipe could be stolen because there is no formal document control being practiced
Impact: High
Probability: High
Risk treatment: Write and implement a formal document management system with information classification and labeling
ISO/IEC 27001 control: A.8.2.1, A.8.2.2

Complete the risk assessment and treatment, then write your Statement of Applicability
 
#3
Thank you, Richard Sir, for your valuable feedback.
Could you please help me by providing a complete risk assessment sheet for the above scenario? It would be very helpful, as I'm very new and a fresher to this profession.
 

RoxaneB

Super Moderator
#4
This sounds like an exercise from a class or an exam prep question. Rather than have an answer just given, why not offer to us what you think a good approach is - even if it's just a start - and feedback can then be offered from the group. In my opinion, just asking for the answer is not necessarily the best way to learn.
 

Tagin

Trusted Information Resource
#5
Could you please help me by providing a complete risk assessment sheet for the above scenario? It would be very helpful, as I'm very new and a fresher to this profession.

Please provide your complete risk assessment sheet, and we can comment and make suggestions. No one here is going to do your work for you.
 

optomist1

A Sea of Statistics
Super Moderator
#6
The more info the poster provides upfront, the better the response... details, details, details are so important - just my 2 bitcoins' worth.
 

Richard Regalado

Trusted Information Resource
#7
Thank you, Richard Sir, for your valuable feedback.
Could you please help me by providing a complete risk assessment sheet for the above scenario? It would be very helpful, as I'm very new and a fresher to this profession.

Dear Nitishk,

No problem. I made the attached risk register in the parking lot while waiting for the wife. You are free to use it. My only request - if you modify or update the file, please share it back to the forum so that knowledge flows back here. For the impact and probability values, you may create your own tables based on the need of your organization. You can be as simple or as complex as you want. What is not shown here is the risk acceptance criteria. You have to think and decide on it.

Let me know if you have questions.

[Attached image: Screen Shot 2021-01-29 at 22.53.30.jpg]

Regards,

Richard
 
#8
Morning All,
I am in the process of conducting an ISO 27001 risk assessment for a stage 1 audit, using the stated methodology and from that producing a risk register [6.1.2].

Does anyone have a list of steps on what to do (with examples) and templates that I can re-use?
 

Richard Regalado

Trusted Information Resource
#9
Morning All,
I am in the process of conducting an ISO 27001 risk assessment for a stage 1 audit, using the stated methodology and from that producing a risk register [6.1.2].

Does anyone have a list of steps on what to do (with examples) and templates that I can re-use?

Some steps:
1. Identify information assets
2. Identify information security risks
3. Assess impact and probability
4. Determine what is important
5. Think of what to do
6. Monitor what you did
7. Do it again
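To make the seven steps above and the register row from post #2 concrete, here is a small Python script that scores a register (inherent risk = impact x probability), prioritises it in descending order as the original question asks, applies an acceptance criterion, and derives a Statement of Applicability from the controls the treated risks select. It is an added example, not Richard's attached register or anything from the thread; the 1-3 scales, the threshold value, the second and third sample risks and the Annex A excerpt are assumptions chosen for illustration, and an organisation would substitute its own tables and acceptance criteria as post #7 says.

```python
"""Risk register and Statement of Applicability (SoA) helper.

Added example; not from the forum thread or Richard's attached register.
The 1-3 scales, the acceptance threshold, the second and third sample
risks and the control catalogue excerpt are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List

# Assumed ordinal scales for impact and probability (post #7 leaves the
# tables to the organisation; three levels is the simplest usable choice).
LEVELS = {"Low": 1, "Medium": 2, "High": 3}

# Assumed risk acceptance criterion: inherent risk at or below this value is
# accepted without treatment. Post #7 says this must be decided, not copied.
ACCEPTANCE_THRESHOLD = 3


@dataclass
class Risk:
    asset: str            # information asset (step 1)
    description: str      # the risk to that asset (step 2)
    impact: str           # "Low" / "Medium" / "High" (step 3)
    probability: str      # "Low" / "Medium" / "High" (step 3)
    treatment: str        # what to do about it (step 5)
    controls: List[str]   # Annex A control ids selected by the treatment

    def __post_init__(self):
        for value in (self.impact, self.probability):
            if value not in LEVELS:
                raise ValueError(f"unknown level {value!r}; expected one of {list(LEVELS)}")

    @property
    def inherent_risk(self) -> int:
        """Inherent risk = impact x probability, before any treatment."""
        return LEVELS[self.impact] * LEVELS[self.probability]

    @property
    def decision(self) -> str:
        """Step 4: what is important. Above the threshold the risk is treated."""
        return "Accept" if self.inherent_risk <= ACCEPTANCE_THRESHOLD else "Treat"


def prioritise(risks: List[Risk]) -> List[Risk]:
    """Descending by inherent risk; ties broken by impact, then asset name."""
    return sorted(risks, key=lambda r: (-r.inherent_risk, -LEVELS[r.impact], r.asset))


def statement_of_applicability(risks: List[Risk], catalogue: Dict[str, str]) -> Dict[str, dict]:
    """Mark a catalogue control applicable if some treated risk selects it.
    Exclusions keep a placeholder justification that a real SoA must fill in."""
    selected: Dict[str, set] = {}
    for risk in risks:
        if risk.decision == "Treat":
            for control in risk.controls:
                selected.setdefault(control, set()).add(risk.asset)
    soa = {}
    for control_id, title in catalogue.items():
        if control_id in selected:
            soa[control_id] = {"title": title, "applicable": True,
                               "justification": "Treats risk(s) on: " + ", ".join(sorted(selected[control_id]))}
        else:
            soa[control_id] = {"title": title, "applicable": False,
                               "justification": "No register entry requires it (justify before sign-off)"}
    return soa


def render_sheet(risks: List[Risk]) -> List[str]:
    """Plain-text risk assessment sheet, one row per risk, highest risk first."""
    rows = ["Asset | Risk | Impact | Probability | Inherent | Decision | Controls"]
    for r in prioritise(risks):
        rows.append(f"{r.asset} | {r.description} | {r.impact} | {r.probability} | "
                    f"{r.inherent_risk} | {r.decision} | {', '.join(r.controls)}")
    return rows


# Constructed sample register. The first entry is the one given in post #2;
# the other two are invented for illustration.
SAMPLE_RISKS = [
    Risk("JumboKing Burger recipe", "Recipe stolen; no formal document control",
         "High", "High", "Formal document management with classification and labelling",
         ["A.8.2.1", "A.8.2.2"]),
    Risk("Point-of-sale terminals", "Card data exposed through unpatched terminal software",
         "High", "Medium", "Patch management and vendor support contract", ["A.12.6.1"]),
    Risk("Staff rota spreadsheet", "Accidental disclosure via a shared mailbox",
         "Low", "Medium", "Restrict mailbox access", ["A.9.1.1"]),
]

# Excerpt of the ISO/IEC 27001:2013 Annex A catalogue (ids and titles only).
CATALOGUE = {
    "A.8.2.1": "Classification of information",
    "A.8.2.2": "Labelling of information",
    "A.9.1.1": "Access control policy",
    "A.12.6.1": "Management of technical vulnerabilities",
    "A.14.2.1": "Secure development policy",
}

if __name__ == "__main__":
    print("\n".join(render_sheet(SAMPLE_RISKS)))
    for cid, entry in statement_of_applicability(SAMPLE_RISKS, CATALOGUE).items():
        print(cid, "Applicable" if entry["applicable"] else "Not applicable", "-", entry["justification"])
```

With the sample register the recipe risk scores 9 and sorts first, the terminal risk scores 6, and the rota spreadsheet scores 2 and falls under the assumed acceptance threshold, so only the controls tied to the two treated risks come out as applicable in the SoA; changing the threshold or the scales changes both the ordering and the SoA, which is why post #7 insists the acceptance criteria are the organisation's own decision. Steps 6 and 7 (monitor, repeat) are not code: re-run the sheet whenever assets, threats or treatments change.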
 