4 Risk Management

Information security risk management is the management of the risks that arise from an organization’s use of information technology. It is the process of identifying, assessing, and treating threats to the confidentiality, integrity, and availability of an organization’s assets, carried out through a set of coordinated activities that direct and control how the organization handles risk.

The ultimate goal of the process is to treat the risks that exceed the organization’s risk appetite, in line with the risk tolerance the business has set. Rather than aiming for zero risk, an organization should aim for a level of residual risk that it can manage and is willing to accept.

Managing risk is one of the most challenging aspects of implementing ISO 27001, but risk assessment (and treatment) is also the most critical ...

Get Mastering Information Security Compliance Management now with the O’Reilly learning platform.
