Is there a standard sequence to be followed when conducting an information security risk assessment?
Answer
Part-IS does not require the use of any specific information security risk assessment framework. Organisations can start their information security risk assessment either from the safety consequences (impact on safety) or from identifying the assets (elements) and the threats to those assets. A combination of the above methodologies is also possible and recommended.
Last updated
22/08/2025