Question - Advice for adding asset-threat-vulnerability style risk methodology into Eramba

We are trying to add our existing risk assessment/treatment into Eramba, however we followed the asset-threat-vulnerability approach to risks assessment, but Eramba follows the event-based approach.

ISO 27005 (the guidelines for information security risk management) proposes two approaches: the event-based approach and the asset-threat-vulnerability approach.

Has anyone encountered this, and if so, how did you go about converting the asset-threat-vulnerability approach to the event-based approach used in Eramba?

I’m getting the impression that we would need to redo the whole risk analysis to an extent, to get the individual risks (event-based) defined.


I would suggest to quote the source in more detail, page, paragraph, etc.