Information Security Risk Management for ISO 27001/ISO 27002: A Practical Guide to Risk, Assessment, and Control Selection Aligned with ISO Standards

Packt Publishing Ltd
Ebook, 181 pages

About this ebook

Understand ISO-aligned risk management and learn how to apply key assessment and control methodologies.

Key Features
  • Detailed breakdown of the ISO risk process into manageable stages
  • Coverage of both qualitative and quantitative risk assessment approaches
  • Actionable strategies and tools for gap analysis and control selection
Book Description

This guide navigates through the essential processes of risk management within an ISO 27001/27002 framework. Beginning with foundational principles and methodologies, it systematically details every stage from assessment and analysis to treatment and review. Readers will learn how to apply both qualitative and quantitative techniques to measure impact, likelihood, and risk levels accurately. The book provides clarity on roles, policies, asset classification, and control selection, reinforced by practical tools like gap analysis and risk assessment software. Real-world scenarios and methodologies are contextualized for effective decision-making aligned with international compliance standards. By the end, readers will possess a comprehensive understanding of implementing and sustaining a risk management system that meets ISO 27001/27002 requirements, enabling them to better safeguard information assets and demonstrate regulatory accountability.

What you will learn
  • Identify phases of information risk management clearly
  • Distinguish qualitative and quantitative risk analysis
  • Define security risk management objectives precisely
  • Assign clear roles in ISO 27001-based risk processes
  • Apply various risk assessment software tools effectively
  • Categorize assets and evaluate their business value
Who this book is for

This book is ideal for IT security professionals, compliance officers, auditors, and project managers tasked with implementing ISO 27001/27002. Readers should have a basic understanding of information security principles and organizational risk. Familiarity with ISO standards or prior audit experience is recommended.

About the author

IT Governance Publishing (ITGP) is the world's only specialist IT governance publisher. We produce books, toolkits and training aids on a wide range of topics including information security, IT governance, information risk, compliance, cyber security, IT service management, project management and management system standards.

Alan Calder is the Group CEO of GRC International Group PLC, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international Cyber Security Guru, and a leading Author on Information Security and IT Governance issues. He has been involved in the development of a wide range of Information Security Management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients across the globe and is a regular Media Commentator and Speaker.

Steve G Watkins is an executive director at GRC International Group plc. He is a contracted technical assessor for UKAS – advising on its assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification and also undertakes information security assessments of forensic science laboratories seeking accreditation to the Forensic Science Regulator's codes of practice and conduct. Steve is a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for information security, cyber security and privacy protection standards, where he is a co-editor of ISO/IEC 27006-1. He chairs IST 33, the UK national standards body's technical committee that mirrors SC 27, and is a member of the European Commission's Stakeholder Cybersecurity Certification Group (SCCG). Steve started working with ISMS standards in 1997. He has since supported a wide range of training and consultancy clients working with ISO/IEC 27001, including globally recognised brands, public-sector organisations and a wide selection of SMEs. Steve was a director of IT Governance Ltd from 2008 and on the board of GRC International Group PLC through to May 2021.
