Application Security in the ISO 27001:2013 Environment

CHAPTER 3: RISK ASSESSMENT

Any organisation pursuing ISO27001 certification for its information security management system will need an approach to risk assessment that meets the requirements of ISO/IEC27001:2013. Clause 6.1.2 of ISO27001 requires the organisation to take an explicitly risk-based approach to the selection and operation of information security controls.¹⁰ The approach to risk in ISO2001:2013 can be described as scenario-based rather than asset-based; each risk is treated across the entire organisation rather than on an asset-by-asset basis.

Risk management

Risk management is a discipline for dealing with non-speculative risks – those risks from which only a loss can occur. In other words, speculative risks can be seen as ...

Get Application Security in the ISO 27001:2013 Environment now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Application Security in the ISO 27001:2013 Environment by Vinod Vasudevan

CHAPTER 3: RISK ASSESSMENT

Risk management

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly