Risk Assessment for Asset Owners by Steve Watkins, Alan Calder

CHAPTER 5: OVERVIEW OF THE RISK ASSESSMENT PROCESS

ISO27001 requires that the ‘criteria against which risk will be evaluated’ be set out in the ISMS policy (ISO27001 clause 4.2.1 b3). Within the context provided by that policy, the organization must identify a risk assessment methodology suited to the ISMS and to its identified business, information security, legal and regulatory requirements (clause 4.2.1 c1), and must define both the criteria for accepting risks and the acceptable levels of risk (clause 4.2.1 c2).

ISO27001 says that the organization’s risk assessment methodology – which should reflect the organization’s risk appetite and/or sit within the existing Enterprise Risk Management (‘ERM’) structure – must ...
