CHAPTER 12: REVIEWING THE RISK ASSESSMENT
ISO27001 sets out the requirement: ‘review risk assessments at planned intervals and review the residual risks and the identified acceptable levels of risks’ taking into account changes in the business environment, to the organization, to the risks it faces, to the incidents it experiences, to regulatory changes and in light of the effectiveness of the controls.15
Given the rate of development of new threats, the discovery of new vulnerabilities and the development of new technology (with its own inherent vulnerabilities), the information security management system needs to be continually reviewed to ensure it remains fit for purpose and that it meets the requirements of the information security policy. ...