© Abhishek Chopra, Mukund Chaudhary 2020
Abhishek Chopra and Mukund Chaudhary, Implementing an Information Security Management System, https://doi.org/10.1007/978-1-4842-5413-4_5

5. Risk Management Approach

Abhishek Chopra (1) and Mukund Chaudhary (2)
(1) Faridabad, Haryana, India
(2) Noida, India

“If you don’t invest in risk management, it doesn’t matter what business you’re in, it’s a risky business.”
—Gary Cohn
The previous chapter discussed how to conduct a risk assessment exercise and give a risk assessment report presentation. This chapter discusses the approach to be followed for managing the risks identified during the risk assessment exercise. This chapter will also focus on identifying assets and applying security controls.

Defining and Finalizing the ...
