Information Security Risk Management for ISO27001/ISO27002

IT Governance Ltd, Apr 27, 2010 - Business & Economics - 187 pages
Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

What people are saying

User Review

Good book, but there are only 42 pages!!

Contents

Introduction (p. 10)
Risk Management (p. 16)
Risk Assessment Methodologies (p. 26)
Risk Management Objectives (p. 42)
Roles and Responsibilities (p. 54)
Risk Assessment Software (p. 64)
Information Security Policy and Scoping (p. 79)
The ISO27001 Risk Assessment (p. 91)
    Information Assets (p. 98)
    Threats and Vulnerabilities (p. 110)
    Impact and Asset Valuation (p. 118)
Likelihood (p. 135)
Risk Level (p. 140)
Risk Treatment and the Selection of Controls (p. 147)
The Statement of Applicability (p. 159)
The Gap Analysis and Risk Treatment Plan (p. 164)
Repeating and Reviewing the Risk Assessment (p. 168)
Carrying out an ISO27001 Risk Assessment using vsRisk (p. 171)
ISO27001 Implementation Resources (p. 181)
Books by the Same Authors (p. 183)
ITG Resources (p. 185)
Copyright
