O'Reilly logo

Application Security in the ISO27001 Environment by Anbalahan Siddharth, Pakala Sangit, Shetty Sachin, Ummer Firosh, Mangla Anoop, Vasudevan Vinod

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 3. Risk Assessment

Any organisation pursuing ISO27001 certification for its information security management system will need an approach to risk assessment that meets the requirements of ISO/IEC27001:2005. Clause 4.2.1 b) of ISO27001 requires the organisation to take an explicitly risk-based approach to the selection and operation of information security controls.[14]

Risk management

Risk management is a discipline for dealing with non-speculative risks, those risks from which only a loss can occur. In other words, speculative risks can be seen as the subject of an organisation’s business strategy whereas non-speculative risks, which can reduce the value of the assets with which the organisation undertakes its speculative business activity, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required