APPENDIX 1: CARRYING OUT AN ISO27001 RISK ASSESSMENT USING VSRISK™
As we’ve said in this book, risk assessment is a core competence for information security management. We’ve also said that, without using a database risk assessment tool, it is virtually impossible to adequately manage an ISO27001-compliant information security risk assessment in any organisation larger than one with only a handful of staff and very few information assets. This appendix builds on the content of this book to guide the reader through the process of selecting a risk assessment tool and, using that tool, carrying out an ISO27001-compliant risk assessment in line with the requirements of ISO27001 4.2.1 – c to j.
In this book, we have recommended vsRisk™, and our reasons for ...