Nine Steps to Success: An ISO 27001 Implementation Overview by Alan Calder

Chapter 7. Control Selection

The risk assessment is at the heart of the ISMS. To a very real extent, you could say that the controls adopted by the organization are the ISMS. While this, of course, is not strictly true, the reality is that the bulk of the project time will be invested in designing, deploying, testing and revising appropriate controls that are intended to meet the identified risks. It is therefore important to have an overview of controls.

The concepts of risks and controls are linked and are fundamental to information security management systems. Risk is defined as ‘the combination of the probability of an event and its consequences’. Control is defined as the ‘means of managing risk, including policies, procedures, guidelines, ...