Information Security Risk Management for ISO27001/ISO17799 (Implementing ISO27001)

by Alan Calder and Steve Watkins

All organizations today have to respond to a rapidly changing and increasingly threatening range of information security risks - risks which can, if unmitigated, lead to severe financial, regulatory and reputation damage for organizations. Information security investment and control decisions should be specifically driven by the outcome of a risk assessment process that identifies risks to specific information assets. Risk assessment is, in fact, the core competence of information security management. International standards, including ISO/IEC 27001:2005, ISO17799, BS7799-3 and NIST SP 800-30, provide overlapping guidance on risk assessment. This book provides clear, practical and comprehensive guidance on developing a risk management methodology that meets the requirements of ISO27001, the information security management standard, and how to carry out a risk assessment that will help achieve corporate risk management objectives. It is essential reading for anyone involved generally in enterprise risk management and in information security specifically.
  • ISBN10 1905356242
  • ISBN13 9781905356249
  • Publish Date 10 April 2007
  • Publish Status Out of Print
  • Out of Print 2 June 2010
  • Publish Country GB
  • Imprint IT Governance Publishing
  • Format eBook
  • Pages 196
  • Language English