Implementing ISO27001
2 total works
Information Security Risk Management for ISO27001 / ISO17799
by Alan Calder and Steve Watkins
Published 1 January 2007
Information Security Risk Management for ISO27001/ISO17799
by Alan Calder and Steve Watkins
Published 10 April 2007
All organizations today have to respond to a rapidly changing and increasingly threatening range of information security risks, risks which can, if unmitigated, lead to severe financial, regulatory and reputational damage. Information security investment and control decisions should be driven specifically by the outcome of a risk assessment process that identifies risks to specific information assets. Risk assessment is, in fact, the core competence of information security management. International standards, including ISO/IEC 27001:2005, ISO17799, BS7799-3 and NIST SP 800-30, provide overlapping guidance on risk assessment. This book provides clear, practical and comprehensive guidance on developing a risk management methodology that meets the requirements of ISO27001, the information security management standard, and on how to carry out a risk assessment that will help achieve corporate risk management objectives. It is essential reading for anyone involved in enterprise risk management generally and in information security specifically.