
ISO27001 / ISO27002 A Pocket Guide by Alan Calder


CHAPTER 12: RISK ASSESSMENT

The next planning step is the information security risk assessment. Risk assessment is dealt with in clauses 4.2.1.c, d, f and g of ISO27001, supported by the guidance of ISO27002 Clause 4.

This is the second area in which the two standards are directly complementary. While ISO27001 specifies the risk assessment steps that must be followed, ISO27002 provides further guidance, in its Clause 4, on the risk assessment process, but deliberately does not provide detailed guidance on how the individual assessment itself is to be conducted. This is because every organisation is encouraged to choose the approach which is most applicable to its industry, complexity and risk environment.

Link to ISO/IEC 27005

ISO27005 has been ...
