Risk Management Standards Applicable to the Implementation of an ISO27001 Information Security Management System (ISMS)  

White Papers for International Organization for Standardization (ISO) 27002 (17799)


Above Security

Executive Summary
When introducing a risk management procedure in an organization, it is up to management to choose a method that fits the organization's needs.

The method should not only make it possible to identify and treat risks, but also establish a frame of reference against which those risks are assessed.

Risk management refers to the introduction of a reproducible process which ensures:

1. The identification of the threats and vulnerabilities the organization faces;
2. The identification of the organization's level of tolerance towards these risks;
3. The establishment of a measurable approach that allows the risks to be evaluated and prioritized as they are handled;
4. The establishment of a clear method of risk treatment; and
5. The follow-up of residual risks and of operating methods, so that new risks are identified and existing risks are re-evaluated.

This white paper aims to give you an insight into the standards and methods that we recommend for setting up an organization's risk management system.

It describes the various ISO standards that support the introduction of this management system, as well as ISO 27001 and ISO 27002, which are specific to the setup of an ISMS.

The ISO methods selected and described in this white paper were chosen because they meet the requirements of ISO 27001 for certification of the ISMS (Information Security Management System) with regard to the risk management process, which must necessarily be in place before a company can obtain its certification.

It is important to note that other specifications and risk management methods exist (NIST, OCTAVE, EBIOS and MEHARI, for example). They are not treated in this white paper, which covers only those recognized by the International Organization for Standardization (ISO).

Enjoy your reading,

Martin Dion, CISSP/CISM
ISO 27001 Lead Auditor & Trainer
CTO, Above Security

Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.