CHAPTER 7: THE ISO27001 RISK ASSESSMENT

We’ve already looked at the ISO27001 risk assessment in the context of the ERM framework and in relation to the PDCA cycle. This chapter provides an overview of the steps that ISO27001 specifically requires, identifies some gaps, and introduces the additional best practice guidance available in ISO27002, ISO27005 and BS7799-3:2006 (BS7799).39

We want to remind readers, at this point, that there is an important difference between a specification and a code of practice. A specification, such as ISO27001, sets out specific requirements which, if followed, will allow a management system to receive a third party certificate of conformity. A code of practice, such as ISO27002 or ISO27005, provides guidance on ...