Many organisations choose to implement ISO 27001 because certification demonstrates that they have put best-practice information security processes in place. It is also the only international standard that defines the requirements for an information security management system (ISMS).
An ISMS is a set of policies, procedures, processes and systems that manage information risks. The standard requires security controls to be based on regular risk assessments, so that the controls remain relevant to the risks the organisation actually faces.
As part of ISO 27001, the risk assessment process must:
- Establish and maintain the information security risk criteria;
- Make sure that the repeated risk assessments produce consistent and valid results;
- Identify the risks associated with loss of confidentiality, integrity and availability for information within the scope of the ISMS and the owners of those risks; and
- Analyse and evaluate information security risks according to specific criteria.
Risk assessments enable organisations to anticipate potential risks and to put controls and measures in place so that each risk is reduced to an acceptable level and defended against. They also ensure that the controls your organisation chooses are appropriate to those risks. Without an assessment, you could waste time, effort and resources defending against risks that are unlikely to occur or would have little impact if they did.
Our free green paper, ‘Risk Assessment and ISO 27001’, can help you discover:
- How risk assessments fit into your ISO 27001 project;
- How to produce reliable and robust results in five straightforward stages;
- Common issues to avoid surrounding the risk assessment process; and
- How to use risk assessments to achieve maximum benefits from minimum security costs.
When carrying out risk assessments, organisations often use Excel spreadsheets. However, spreadsheets are prone to errors and can be difficult to set up and maintain. Using a dedicated risk assessment tool removes the need for spreadsheets and helps you produce consistent and reliable risk assessments.
Fully aligned with ISO 27001, vsRisk™ automates and delivers an information security risk assessment quickly and easily, and has been proven to save time, effort and expense when tackling complex risk assessments.
To request a free demo, speak to one of our software experts.