The ISO 27002 & ISO 27001 Directory |
Security risk assessment is a fundamental requirement not only of the standard but also as a driver for sound information security in its own right. ISO 27001 is explicit about what is required: the organization must "Define the risk assessment approach of the organization", "Identify the risks", "Analyze and evaluate the risks", "Identify and evaluate options for the treatment of risks", "Select control objectives and controls for the treatment of risks", and "Obtain management approval of the proposed residual risks". Note that the last step is not optional: whatever risk remains after the selected controls are applied must be explicitly accepted by management, not left implicit. Throughout ISO 27002, references to risk assessment are frequent. The bottom line is that risk assessment is a core requirement, not an optional extra.