January 2022
408 pages
Many commentators on information security talk about an Information Security Management System (ISMS). This is really an information security risk management system. ISO/IEC 27000:2018 makes this clear in paragraph 4.4, ‘Why an ISMS is important’, by stating: ‘Risks associated with an organization’s information assets need to be addressed. Achieving information security requires the management of risk, and encompasses risks from physical, human and technology related threats associated with all forms of information within or used by the organization.’
Rather than stating a number of principles which must be adhered to, we believe that a picture is worth a thousand words. Figure 16.1 shows a typical ...