Free PDF download: Risk Assessment and ISO 27001
An ISO 27001-compliant information security management system (ISMS), developed and maintained according to defined risk acceptance and rejection criteria, is an extremely useful management tool. The risk assessment process, however, is often the most difficult and complex part of the ISMS to manage, and it frequently requires external assistance.
ISO 27001 explicitly requires compliant organizations to carry out risk assessments against agreed risk acceptance criteria, and those criteria must be applied whenever risk is analyzed.
This green paper seeks to explain and unravel some of the issues surrounding the risk assessment process. It covers:
- The stages of the risk assessment process, including risk identification, analysis, and evaluation
- Risk assessment and the ISO 27001 Statement of Applicability
- How to use risk assessments to maximize benefits while reducing security costs
- How risk assessments fit into the continual improvement cycle