CHAPTER 12: RISK ASSESSMENT

The next planning step is the information security risk assessment. Risk assessment is dealt with in clauses 6.1.2 and 8.2 of ISO27001, supported by the guidance in clause 0.2 of ISO27002.

Rather than prescribing a single method, ISO27002 recognises the value of other control and management frameworks. The risk assessment guidance offered in ISO27002 is therefore necessarily brief: it encourages the organisation to choose the approach most applicable to its industry, complexity and risk environment.

Link to ISO/IEC 27005

ISO27005 is the guidance standard for information security risk management. It provides detailed and extensive guidance on how to meet the risk assessment and risk treatment requirements mandated by ISO27001. While the risk assessment must be carried out ...
