CHAPTER 2: RISK ASSESSMENT METHODOLOGIES
In this book we use the terms ‘method’ and ‘methodology’ interchangeably. A method is (as most standard dictionaries explain) simply a ‘way of doing something’. A method, in other words, will contain principles and procedures, describing both what must be done and how it must be done. A risk assessment methodology, therefore, is a description of the principles and procedures (preferably documented) that describe how information security risks should be assessed and evaluated.
An effective, defined, ISO27001 information security risk assessment methodology should meet the requirements of ISO27001 and, in doing so, should provide the organisation (particularly its board and management) with an assurance ...
Get Information Security Risk Management for ISO27001/ISO27002 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.