Subset: RiskManagement
Elements supporting risk assessment (Clause 6.1.2) and risk treatment (Clause 6.1.3). Aligned with ISO 31000:2018 principles.
URI: RiskManagement
Comments
- Includes risk identification, analysis, evaluation, and treatment
- Links risks to controls and residual risk acceptance
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/iso27001
Classes in subset
| Class | Description |
|---|---|
| Risk | An identified information security risk that may affect information security ... |
| RiskAssessment | An instance of risk assessment performed per Clause 8 |
| RiskAssessmentProcess | The documented risk assessment process per Clause 6 |
| RiskTreatmentPlan | A risk treatment plan documenting planned actions to address identified risks... |
| RiskTreatmentProcess | The documented risk treatment process per Clause 6 |
Enumerations in subset
| Enumeration | Description |
|---|---|
| ImpactRating | Qualitative impact scale for risk assessment |
| LikelihoodRating | Qualitative likelihood scale for risk assessment |
| RiskLevel | Qualitative risk rating derived from likelihood × impact analysis |
| RiskTreatmentOption | Standard risk treatment options per ISO 31000 and ISO 27005 |