Risk Assessment for Asset Owners: A Pocket Guide Alan Calder
All organizations face risks to information and information assets. Many organizations seek to identify and control those risks, usually as part of a structured approach to information security risk management. Risk assessment is at the heart of risk management, and the two together form the core competences of information security management. ISO27001 specifies a series of steps that must form part of the risk assessment. While a number of people in the organization will have a role to play in respect of risk assessment, these steps include a specific role for what the standard describes as asset owners . This book covers: * Information Security Risk Management * Definitions * Asset Owners * Overview of the Risk Assessment Process * Asset Identification * Threats and Vulnerabilities * Asset Valuation * Risk Level * Risk Treatment and Control * Statement of Applicability and Risk Treatment Plan * Reviewing the Risk Assessment