LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

Which steps form the Risikomanagement phase in the ISMS build-up?

Asset Register → Risk Estimation → Risk Evaluation → Risk Treatment → Umsetzung & Schulung (implementation and training).

  1. Asset Register — inventory what needs protecting (information, systems, processes); without it, every later step is guesswork
  2. Risk Estimation — estimate likelihood and impact for the threats against those assets
  3. Risk Evaluation — compare estimated risks against the organization's risk acceptance criteria: which are tolerable, which need action?
  4. Risk Treatment — choose per risk: mitigate (controls), transfer (insurance/outsourcing), avoid (stop the activity), or accept
  5. Umsetzung / Schulung — implement the chosen measures and train the people who must live them

This mirrors ISO 27005 / BSI 200-3 risk methodology — estimation vs. evaluation is the classic exam distinction: estimation produces numbers/levels, evaluation produces decisions by holding them against acceptance criteria.

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jun 04, 2026