Vigilant Software, the leader in ISO 27001 compliance software, has released new, practical guidance on conducting a risk assessment based on the requirements of the international information security standard ISO/IEC 27001.
Compiled by international expert on information security and ISO 27001 Alan Calder, the guidance provides much-needed support to those planning to implement an information security management system (ISMS) aligned to ISO 27001. It also offers expert advice to companies that recognise the importance of carrying out a risk assessment as part of a comprehensive cyber security regime.
The risk assessment is a central part of developing an ISMS compliant with ISO 27001, but newcomers often view it as a complex and burdensome process.
The best practice set out in the guidance, ‘Five critical steps to successful risk assessments’, can be followed and applied by anyone, and includes the following essential areas:
- The four key issues that a risk assessment needs to consider;
- What baseline security criteria are and why they are important;
- How to make sense of risk scales and what the optimum scale should be;
- Why it’s customary to accept certain types of risks;
- How risk analysis helps to make cost-effective decisions;
- Why it’s a good idea to create groups of similar assets;
- How to identify threats and vulnerabilities in risk decisions;
- The four important risk management options.
The free guidance is available to download from Vigilant Software’s website.
View the full features of the definitive risk assessment software vsRisk™ on the developer’s website at www.vigilantsoftware.co.uk.