ISO 27001 for Jumb Burger - Risk Assessment sheet

nitishk

Registered
Can anyone help with the below-mentioned scenario:
Assume that you are doing ISO 27001 for JumboKing Burger. Please design a Risk Assessment sheet, then make a Statement of Applicability for JumboKing Burger. Prioritize risks in descending order considering inherent risk value and significance in today’s global industrial scenario.
 

Richard Regalado

Trusted Information Resource
Information: JumboKing Burger recipe
Risk: The recipe could be stolen because there is no formal document control being practiced
Impact: High
Probability: High
Risk treatment: Write and implement a formal document management system with information classification and labeling
ISO/IEC 27001 control: A.8.2.1, A.8.2.2

Complete the risk assessment and treatment, then write your Statement of Applicability
 

nitishk

Registered
Thank you, Richard Sir, for your valuable feedback.
Could you please help me by providing a complete risk assessment sheet for the above scenario? It would be very helpful, as I'm very new and a fresher to this profession.
 

RoxaneB

Change Agent and Data Storyteller
Super Moderator
This sounds like an exercise from a class or an exam prep question. Rather than have an answer just given, why not offer to us what you think a good approach is - even if it's just a start - and feedback can then be offered from the group. In my opinion, just asking for the answer is not necessarily the best way to learn.
 

Tagin

Trusted Information Resource
> Could you please help me by providing a complete risk assessment sheet for the above scenario? It would be very helpful, as I'm very new and a fresher to this profession.

Please provide your complete risk assessment sheet, and we can comment and make suggestions. No one here is going to do your work for you.
 

optomist1

A Sea of Statistics
Super Moderator
The more info the poster provides upfront, the better the response... details, details, details are so important - just my 2 bitcoins' worth.
 

Richard Regalado

Trusted Information Resource
> Thank you, Richard Sir, for your valuable feedback.
> Could you please help me by providing a complete risk assessment sheet for the above scenario? It would be very helpful, as I'm very new and a fresher to this profession.

Dear Nitishk,

No problem. I made the attached risk register in the parking lot while waiting for the wife. You are free to use it. My only request - if you modify or update the file, please share it back to the forum so that knowledge flows back here. For the impact and probability values, you may create your own tables based on the need of your organization. You can be as simple or as complex as you want. What is not shown here is the risk acceptance criteria. You have to think and decide on it.

Let me know if you have questions.


Regards,

Richard
 

Attachment: Sample RR for JumboKing Burger.xlsx (13.6 KB)

daniel okoturo

Registered
Morning All,
I am in the process of conducting an ISO 27001 risk assessment for a stage 1 audit, using the stated methodology, and from that producing a risk register [6.1.2].

Does anyone have a list of steps on what to do (with examples) and templates that I can re-use?
 

Richard Regalado

Trusted Information Resource
> Morning All,
> I am in the process of conducting an ISO 27001 risk assessment for a stage 1 audit, using the stated methodology, and from that producing a risk register [6.1.2].
>
> Does anyone have a list of steps on what to do (with examples) and templates that I can re-use?

Some steps:
1. Identify information assets
2. Identify information security risks
3. Assess impact and probability
4. Determine what is important
5. Think of what to do
6. Monitor what you did
7. Do it again
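
Added example, not part of the original thread and not the contents of the attached spreadsheet: a small Python risk register that scores impact and probability, orders risks by descending inherent risk value, and derives Statement of Applicability rows from the risks selected for treatment. The 3-level scale, the acceptance threshold, the second and third register rows and the short candidate control list are assumptions made for illustration; the first row is the entry given earlier in the thread, and control ids use ISO/IEC 27001:2013 Annex A numbering as the thread does.

```python
from dataclasses import dataclass

# Assumed 3-level ordinal scale and acceptance criterion (the thread leaves both to you).
SCALE = {"Low": 1, "Medium": 2, "High": 3}
ACCEPT_AT_OR_BELOW = 2

@dataclass
class Risk:
    asset: str
    risk: str
    impact: str
    probability: str
    controls: tuple  # ISO/IEC 27001:2013 Annex A control ids

    @property
    def value(self):  # inherent risk value = impact x probability
        return SCALE[self.impact] * SCALE[self.probability]

    @property
    def decision(self):
        return "accept" if self.value <= ACCEPT_AT_OR_BELOW else "treat"

def prioritize(register):
    """Descending inherent risk value; ties go to the higher impact."""
    return sorted(register, key=lambda r: (-r.value, -SCALE[r.impact], r.asset))

def statement_of_applicability(register, candidates):
    """A control is applicable when at least one risk marked 'treat' selects it."""
    why = {}
    for r in register:
        if r.decision == "treat":
            for c in r.controls:
                why.setdefault(c, []).append(r.asset)
    return {c: {"applicable": c in why, "justified_by": why.get(c, [])} for c in candidates}

# Row 1 is the entry given in the thread; rows 2-3 are constructed for illustration.
REGISTER = [
    Risk("JumboKing Burger recipe", "Stolen, no formal document control",
         "High", "High", ("A.8.2.1", "A.8.2.2")),
    Risk("Point-of-sale terminals", "Malware infection", "High", "Medium", ("A.12.2.1",)),
    Risk("Staff rota spreadsheet", "Lost, no backup taken", "Low", "Medium", ("A.12.3.1",)),
]
CANDIDATES = ["A.8.2.1", "A.8.2.2", "A.12.2.1", "A.12.3.1"]

if __name__ == "__main__":
    for r in prioritize(REGISTER):
        print(f"{r.value}  {r.decision:6}  {r.asset}: {r.risk}")
    for control, row in statement_of_applicability(REGISTER, CANDIDATES).items():
        print(control, row)
```

A real Statement of Applicability lists every Annex A control and records a justification for each exclusion as well; here an excluded control simply shows an empty justification list.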
 