All organizations face risks to information and information assets. Many organizations seek to identify and control those risks, usually as part of a structured approach to information security risk management.

ISO/IEC 27001:2005 is an international standard specification for an Information Security Management System (or 'ISMS'). Organizations that develop an ISMS in line with the specification of ISO 27001 can receive external, third-party certification that their ISMS conforms to the standard, and such a certificate can have significant commercial, financial and compliance benefits. ISO/IEC 17799:2005 is the international Code of Practice for information security; it provides detailed guidance to support the specification contained in ISO 27001 but is not, itself, a specification.

Risk assessment is at the heart of risk management, and the two together form the core competences of information security management. ISO 27001 specifies a series of steps that must form part of the risk assessment. While a number of people in the organization will have a role to play in respect of risk assessment, these steps include a specific role for what the standard describes as 'asset owners'.
This Pocket Guide to the ISO 27001 risk assessment is designed to assist asset owners and others who are working within an ISO 27001/ISO 17799 framework to deliver a qualitative risk assessment. It also conforms with the guidance provided in BS 7799-3:2006 and NIST SP 800-30.
- ISBN10 6612384689
- ISBN13 9786612384684
- Publish Date 1 May 2007 (first published 1 January 2007)
- Publish Status Active
- Out of Print 29 February 2012
- Publish Country US
- Imprint It Governance Ltd
- Format eBook
- Pages 46
- Language English