An ISO 27001 risk assessment is at the core of your organisation’s information security management system (ISMS). Those new to tackling this complex step may rely on a manual, inexpensive solution such as spreadsheets, but there are many disadvantages to doing so.
Why using spreadsheets for your risk assessment is a bad idea
Excel spreadsheets were initially built for accountants. Despite being trusted by professionals for more than 20 years, they are not designed to deliver a risk assessment.
Experienced information security and risk management practitioners will be fully aware of the dangers of using spreadsheets, so they’ll always use purpose-built ISO 27001 risk assessment software tools instead.
The disadvantages of spreadsheets include:
- Too much room for user-input error;
- Large and cumbersome, making it hard to find specific information; and
- Difficult to share and keep up to date, particularly if multiple users need to input data.
Take a look at our infographic, Spreadsheets Vs Risk Assessment Software.
Alternative solutions to spreadsheets
The risk assessment is complicated and multi-dimensional. Whatever tool you use, it needs to consider many elements, such as:
- Vulnerabilities and controls;
- Likelihood and impact values of risks; and
- Reporting and analysis.
vsRisk eliminates the need to use spreadsheets by helping you produce consistent, robust and reliable risk assessments year after year.
Fully aligned with ISO 27001, vsRisk reduces time spent on the risk assessment by 80% and provides accurate and auditable results.
*** This is a Security Bloggers Network syndicated blog from Vigilant Software Blog authored by Chloe Biscoe. Read the original post at: https://www.vigilantsoftware.co.uk/blog/iso-27001-risk-assessments-the-problem-with-using-spreadsheets/