Information Security Risk Management for ISO27001/ISO27002 by Steve Watkins, Alan Calder

APPENDIX 1: CARRYING OUT AN ISO27001 RISK ASSESSMENT USING VSRISK™

As we’ve said in this book, risk assessment is a core competence for information security management. We’ve also said that, without using a database risk assessment tool, it is virtually impossible to adequately manage an ISO27001-compliant information security risk assessment in any organisation that has more than a handful of staff and very few information assets. This appendix builds on the content of this book to guide the reader through the process of selecting a risk assessment tool and carrying out an ISO27001-compliant risk assessment in line with the requirements of ISO27001 4.2.1 – c to j using that tool.

In this book, we have recommended vsRisk™, and our reasons for ...
