An ISO 27001-compliant information security management system (ISMS) developed and maintained according to risk acceptance/rejection criteria is an extremely useful management tool, but the risk assessment process is often the most difficult and complex aspect to manage, and often requires external assistance.
ISO 27001 explicitly requires compliant organisations to carry out risk assessments based on agreed risk acceptance criteria that must be used when analysing risk. Risk assessment enables expenditure on controls to be balanced against the business harm likely to result from security failures.
This green paper seeks to explain and unravel some of the issues surrounding the risk assessment process.
- The three stages of the ISO 27005 risk assessment process: risk identification, analysis and evaluation
- Risk assessment and the ISO 27001 Statement of Applicability
- How to use risk assessments to achieve maximum benefits from minimum security costs
- How risk assessments fit into the continuous improvement cycle
- Request a free demonstration of vsRisk risk assessment software to discover how it can save you time and money; the demonstration is provided by Vigilant Software, the manufacturer of vsRisk.
Download this free green paper today to find out how risk assessments fit into your ISO 27001 project.