1. How to control your Risks in Information Security ISO27001
List all the potential risks that may impact your information processing. Once you uncover any risks, you need to analyse how the risk might occur, which may further involve identifying a vulnerability in your asset and any threat that could possibly exploit that vulnerability.
2. How to Choose Controls to Treat the Risks
Once you discover and analyse risks, you need to mitigate those risks to reduce them to a workable level. ISO 27001 recommends four ways to treat risks:
- Retain or tolerate
- Avoid or terminate
- Share or transfer
- Modify or treat
Ideally this step gives you the chance to apply security controls that will most likely reduce the impact or likelihood of that risk.
3. How to Develop a Risk Treatment Plan
Produce your risk treatment plan as an integral part of a certified ISO 27001 ISMS, providing a summary of each identified risk, along with the responses determined for each risk, the owner of each risk and the anticipated date of completion.
The Risk treatment plan is constant evolving risk scores, as pandemic’s cause an impact you should update your risk plans. If your company or organisation lose power to the processing of controls then your risk scores should help you mitigate the risk
All risks could become ISMS objectives and measuring the performance of your systems