Information Security Risk Management for ISO 27001/ISO 27002, third edition

SKU: 5402
Authors: Alan Calder and Steve Watkins
Publisher: ITGP
PDF edition: ISBN13 9781787781375, 181 pages, published 06 Sep 2019, available now
ePub edition: ISBN13 9781787781382, 181 pages, published 06 Sep 2019, available now
  • Provides practical advice on implementing and developing an ISO 27001- and ISO 27002-compliant information security and risk management system.
  • Covers key topics such as risk assessment methodologies, risk scales, threats and vulnerabilities, risk treatment and the selection of controls, producing the SoA (Statement of Applicability), and roles and responsibilities.
  • Gives guidance on choosing risk assessment software.

Price: £29.95
Overview

Protect your information assets with effective risk management

In today’s information economy, the development, exploitation and protection of information and associated assets are key to the long-term competitiveness and survival of corporations and entire economies.

The protection of information and associated assets – information security – is therefore overtaking physical asset protection as a fundamental corporate governance responsibility.

Information security management system requirements

ISO 27000, which provides an overview for the family of international standards for information security, states that “An organization needs to undertake the following steps in establishing, monitoring, maintaining and improving its ISMS: […] assess information security risks and treat information security risks”.

The requirements for an ISMS are specified in ISO 27001. Under this standard, a risk assessment must be carried out to inform the selection of security controls, making risk assessment the core competence of information security management and a critical corporate discipline.
Plan and carry out a risk assessment to protect your information

Information Security Risk Management for ISO 27001/ISO 27002:

  • Provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO 27001;
  • Draws on national and international best practice around risk assessment, including BS 7799-3:2017 (BS 7799-3);
  • Covers key topics such as risk assessment methodologies, risk management objectives, information security policy and scoping, threats and vulnerabilities, risk treatment and selection of controls; and
  • Includes advice on choosing risk assessment software.

Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits. 

About the author

Alan Calder

Alan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru, and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker. 

Steve Watkins

Steve Watkins is an executive director at GRC International Group plc. He is a contracted technical assessor for UKAS – advising on its assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He is a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for information security, cyber security and privacy standards, and chairs the UK national standards body’s technical committee IST/33 (information security, cyber security and privacy protection) that mirrors it. Steve was an active member of IST/33/-/6, which developed BS 7799-3. 

Customer Reviews

Rating: 5.00 stars out of 5
Number of reviews: 1
1. on 31/08/2021, said:
5 stars out of 5
This is a great purchase. Helping me revamp our risk approach and methodology for Info Sec across our organisation. Language used is great for beginners and experienced professionals, and is easy to digest and read through. This book has also helped on my study for an IRM diploma, with great explanations and images where appropriate. The example parameters and risk definitions have been a huge help, and the amount/quality of links to additional sources and references is superb.