Quiz Entry - updated: 2026.06.04
Which steps form the Risikomanagement phase in the ISMS build-up?
Asset Register → Risk Estimation → Risk Evaluation → Risk Treatment → Umsetzung & Schulung (implementation and training).
- Asset Register — inventory what needs protecting (information, systems, processes); without it, every later step is guesswork
- Risk Estimation — estimate likelihood and impact for the threats against those assets
- Risk Evaluation — compare estimated risks against the organization's risk acceptance criteria: which are tolerable, which need action?
- Risk Treatment — choose per risk: mitigate (controls), transfer (insurance/outsourcing), avoid (stop the activity), or accept
- Umsetzung / Schulung — implement the chosen measures and train the people who must live them
This mirrors ISO 27005 / BSI 200-3 risk methodology — estimation vs. evaluation is the classic exam distinction: estimation produces numbers/levels, evaluation produces decisions by holding them against acceptance criteria.