Scope of the standard

The standard ‘provides guidelines for information security risk management’ and ‘supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach’.

Dealing with the most significant information risks first makes sense from the practical implementation and management perspectives.

ISO/IEC - Information technology - Security techniques - Information security risk management (third edition)

Introduction

The ISO27k standards are deliberately risk-aligned, meaning that organizations are encouraged to assess risks to their information (called “information security risks” in the ISO27k standards, but in reality they are simply information risks) as a prelude to treating them in various ways.