
ISO27001 in a Windows® Environment: The best practice handbook for a Microsoft® Windows® environment, Second Edition by Brian Honan


Chapter 5. Conducting A Risk Assessment

Running and managing an ISMS effectively requires the system to be based upon a solid risk assessment and subsequent risk management disciplines. This means you need a formal process in place to identify the different types of information security risks to your information assets and to rate them in terms of their impact and likelihood of occurrence.

Once you have identified all the appropriate information security management risks, you need to put in place a formal process to assess and manage those risks. It is important that this process is one you can repeat at regular intervals in order to re-evaluate the risks.

Before we conduct a risk assessment, we need to understand what we ...
