Risk Assessment for Asset Owners: A Pocket Guide

This book is a pocket guide to the ISO27001 risk assessment, designed to assist asset owners and others working within an ISO27001/ISO17799 framework to deliver a qualitative risk assessment. It conforms with the guidance provided in BS7799-3:2006 and NIST SP 800-30.
Contents
ASSET OWNERS | 14
OVERVIEW OF THE RISK ASSESSMENT PROCESS | 16
ASSET IDENTIFICATION | 21
THREATS AND VULNERABILITIES | 25
ASSET VALUATION | 29
RISK LEVEL | 34
RISK TREATMENT AND CONTROL SELECTION | 36
STATEMENT OF APPLICABILITY AND RISK TREATMENT PLAN | 41
REVIEWING THE RISK ASSESSMENT | 45