Information Security Risk Management for ISO27001/ISO27002

  • 2h 5m
  • Alan Calder, Steve G. Watkins
  • IT Governance
  • 2010

Expert guidance on planning and implementing a risk assessment and protecting your business information.

In the knowledge economy, organisations have to be able to protect their information assets. Information security management has, therefore, become a critical corporate discipline. The international code of practice for an information security management system (ISMS) is ISO27002. As the code of practice explains, information security management enables organisations to ‘ensure business continuity, minimise business risk, and maximise return on investments and business opportunities’.

ISMS requirements

The requirements for an ISMS are specified in ISO27001. Under ISO27001, a risk assessment has to be carried out before any controls can be selected and implemented, making risk assessment the core competence of information security management. This book provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO27001.

International best practice

Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

About the Authors

Alan Calder is the founder director of IT Governance Ltd. His long executive career has spanned both the private and public sectors. He writes, speaks and consults widely on IT governance, compliance and information security.

Steve G. Watkins leads the consultancy and training services of IT Governance Ltd. In his various roles in both the public and private sectors, he has been responsible for most support disciplines. He has over 20 years' experience of managing integrated management systems, including maintenance of information security, quality, environmental and Investors in People certifications.

In this Book

  • Information Security Risk Management for ISO27001/ISO27002
  • Introduction
  • Risk Management
  • Risk Assessment Methodologies
  • Risk Management Objectives
  • Roles And Responsibilities
  • Risk Assessment Software
  • Information Security Policy And Scoping
  • The ISO27001 Risk Assessment
  • Information Assets
  • Threats And Vulnerabilities
  • Impact And Asset Valuation
  • Likelihood
  • Risk Level
  • Risk Treatment And The Selection Of Controls
  • The Statement Of Applicability
  • The Gap Analysis And Risk Treatment Plan
  • Repeating And Reviewing The Risk Assessment
  • Carrying Out An ISO27001 Risk Assessment Using vsRisk™
  • ISO27001 Implementation Resources
  • ITG Resources