The assessment and management of information security risks are at the core of the international standard ISO 27001, which sets out the specification for an ISMS (information security management system).
An ISMS is a best-practice approach that encompasses people, processes and technology, and helps you protect your organisation’s information through effective risk management.
What does ISO 27001 say about risk assessments?
Section 6.1.2 of the Standard states that the risk assessment process must:
- Establish and maintain certain information security risk criteria;
- Ensure that repeated risk assessments “produce consistent, valid and comparable results”;
- “Identify risks associated with the loss of confidentiality, integrity and availability for information within the scope of the information security management system”;
- Identify the owners of those risks; and
- Analyse and evaluate information security risks according to certain criteria.
How to conduct a risk assessment
Join IT Governance Gulf for our free webinar, Conducting a cyber security risk assessment, to find out how to get started with your risk assessment process.
This webinar covers:
- The five-step approach to conducting a risk assessment;
- Information security versus cyber security;
- Choosing appropriate risk treatment options;
- Unpacking the key controls necessary for effective cyber security;
- Reviewing, monitoring and reporting on the risk assessment; and
- ISO 27001 and effective information security risk management.
This webinar will be delivered by global ISO 27001 expert Alan Calder on 24 October 2018 from 3:00 – 4:00 pm GST. It will include a 15-minute Q&A session at the end to provide extra insight into implementing an ISO 27001-compliant ISMS.
Can’t attend at this time? You should still register! We will send the slides and recording to all registrants after the webinar.
This is the final webinar in our exciting ISO 27001 series, which was designed specifically to support GCC (Gulf Cooperation Council) organisations with their ISO 27001 compliance obligations. If you missed our previous webinars, you can download the slides and recordings from our website.