This book provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO27001. Drawing on international best practice including ISO/IEC 27005 and BS7799-3, the book explains in detail how to do an information security risk assessment.
The changing global economy, together with recent corporate and IT governance developments, all provide the context within which organisations have to assess risks to the information assets on which their organisations, and the delivery of their business plan objectives, depend. Information security management decisions are entirely driven by specific decisions made as an outcome of a risk assessment process in relation to identified risks and specific information assets. Risk assessment is, therefore, the core competence of information security management.