Risk Assessment for Asset Owners
This book is a pocket guide to the ISO27001 risk assessment, designed to assist asset owners and others who are working within an ISO27001/ISO17799 framework to deliver a qualitative risk assessment. It conforms with the guidance provided in BS7799-3:2006 and NIST SP 800-30.