CHAPTER 6: RISK MANAGEMENT

Risk management is at the heart of the ISMS. Understanding its significance to the overall process is one of the keys to project success. The board adopts an information security policy because there are several significant risks to the confidentiality, integrity and availability of the organisation’s information, and ISO 27001 mandates the design and deployment of an ISMS to ensure that the policy is implemented systematically and comprehensively.

The policy must therefore reflect the board’s assessment of information security risks and opportunities. This doesn’t mean the board needs to carry out a detailed risk assessment itself, but it does need to set out a clear, overall approach to risk that can be used to take ...
