Information Security Risk Management for ISO27001/ISO27002 by Steve Watkins, Alan Calder

CHAPTER 7: THE ISO27001 RISK ASSESSMENT

We’ve already looked at the ISO27001 risk assessment in the context of the ERM framework and in relation to the PDCA cycle. This chapter provides an overview of the steps that ISO27001 specifically requires, identifies some gaps, and introduces the additional best practice guidance available in ISO27002, ISO27005 and BS7799-3:2006 (BS7799).39

We want to remind readers, at this point, that there is an important difference between a specification and a code of practice. A specification, such as ISO27001, sets out specific requirements which, if followed, will allow a management system to receive a third party certificate of conformity. A code of practice, such as ISO27002 or ISO27005, provides guidance on ...
