CHAPTER 6: RISK MANAGEMENT

Risk assessment is at the heart of the information security management system (ISMS). Understanding its significance to the overall process is critical, and is one of the keys to project success. Top management adopts an information security policy because there are a number of significant risks to the availability, confidentiality, and integrity of the organization’s information, and it mandates the design and deployment of an ISMS in order to ensure its policy is systematically and comprehensively implemented. Therefore, the policy must reflect top management’s assessment of information security risks and opportunities. This does not mean top management needs to carry out a detailed risk assessment itself, but it ...
