Risk Assessment for ISO/IEC 27001:2005

Risk assessment is the core competence of information security management

Information security management decisions are driven entirely by the outcomes of a risk assessment of the identified risks to specific information assets. Risk assessment enables expenditure on controls to be balanced against the business harm likely to result from security failures.

The key book on risk assessment is Information Security Risk Management for ISO27001/ISO17799 (Alan Calder and Steve G Watkins, ITGP, 2007).

In today's information economy, the protection of information assets - 'information security' - is rapidly overtaking physical asset protection as a fundamental public sector governance responsibility. Information security management (defined as 'the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximise return on investments and business opportunities') is becoming a critical business discipline, in both the private and public sectors.

ISO/IEC 27001:2005 ('ISO27001') is a specification that sets out the requirements for an information security management system ('ISMS'). ISO27001 is explicit in requiring a risk assessment to be carried out before any controls are selected and implemented and is equally explicit that the selection of every control must be justified by a risk assessment.

There are a number of other information security and risk assessment standards that support or are similar to ISO27001, including:

ISO27001 is increasingly seen as offering a practical solution to the requirements of the UK's Data Protection Act, as well as helping organizations counter today’s increasingly sophisticated and varied range of information security threats more cost-effectively. As a result, a growing number of private and public sector organizations around the world are seeking certification to ISO27001.

An ISMS developed on the basis of risk acceptance/rejection criteria, and using third-party accredited certification to provide independent verification of the level of assurance, is an extremely useful management tool. Such an ISMS offers the opportunity to define and monitor service levels internally as well as in contractor/partner organizations, thus demonstrating the extent to which there is effective control of those risks for which directors and senior management are accountable.

Completing your risk assessment