New Risk Assessment Pocket Guide

 

NEW POCKET GUIDE SETS OUT PATH TO BEST PRACTICE

INFOSEC RISK ASSESSMENTS



London, May 14, 2007 – Organisations aiming to comply with ISO 27001, the best practice standard for information security management, need to use a defined risk assessment process as the cornerstone of their programme.  To help executives and project managers adopt the required approach, specialist information security publisher IT Governance Limited has launched a new pocket guide that provides a concise and practical overview to this emerging management discipline.



‘Risk Assessment For Asset Owners’ is written by leading authors Alan Calder and Steve Watkins.  Over 48 pages, it provides a clearly worded guide to the risk assessment requirements of ISO 27001 and how to manage the entire assessment process, from identifying assets and assessing threats to selecting appropriate risk treatments and controls.


Alan Calder said: “With infosecurity becoming more important by the day, this inexpensive pocket guide lays out the essentials of an ISO 27001-compliant risk assessment.  Together with the other titles in the series, it provides an invaluable stepping stone to ISO 27001 compliance and certification.” 

“A risk assessment involves asset owners across the organisation, and they all need to understand the same basic principles,” he continued.  “Rather than spending money on weighty books that contain superfluous information, buying a batch of these guides provides a more cost-effective way to have everyone use the right methodology.”

Priced at £7.95 / US$15.92/ EUR11.81, the book is available for purchase and worldwide despatch from http://www.itgovernance.co.uk/products/833.



‘Risk Assessment For Asset Owners’ is the fourth in IT Governance’s series of pocket guides, which aims to distil the critical issues concerning information security management, ISO 27001 compliance and corporate governance.  Other books already in the series include ‘ISO 27001: A Practical Guide’, ‘ISO 27001 Assessment Without Tears’ and ‘A Dictionary of Information Security Terms, Abbreviations and Acronyms’.


FOR FURTHER INFORMATION AND REVIEW COPIES

Marc Cornelius
80:20 PR
+44 (0)20 7924 7576
marc@8020pr.com

NOTES TO EDITORS

All organisations face risks to information and information assets and many are seeking to identify and control those risks, usually as part of a structured approach to information security risk management.

ISO 27001 is an international standard specification for an Information Security Management System (or ‘ISMS’). Organisations that develop an ISMS in line with the specification of ISO 27001 can obtain external, third-party certification that their ISMS conforms to the standard, and such a certificate can have significant commercial, financial and compliance benefits.

Risk assessment is at the heart of risk management, and the two together form the core competences of information security management. ISO 27001 specifies a series of steps that must form part of the risk assessment. While a number of people in the organisation will have a role to play in risk assessment, these steps include a specific role for what the standard describes as ‘asset owners’.

IT Governance Ltd is the one-stop-shop for information security books, tools, training and consultancy.  It approaches infosec issues from a non-technology background and talks to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia.  More information is available at www.itgovernance.co.uk.

Alan Calder is an international authority on information security management.  He led the world’s first successful implementation of BS 7799, the information security management standard upon which ISO 27001 is based, and wrote the definitive compliance guide for this standard, ‘IT Governance: A Manager’s Guide to Data Security and BS7799/ISO17799’.  The 3rd edition of this book is the basis for the UK Open University’s postgraduate course on Information Security. He is a consultant to companies including Cisco.  He regularly blogs on IT security issues at http://alancalder.blogspot.com/.


PR Contact

Marc Cornelius
80:20 Communications
+44 (0)20 7664 6310
mcornelius@8020comms.com
www.8020comms.com

CEO

Alan Calder
IT Governance
+44 (0)845 070 1750
acalder@itgovernance.co.uk
