Information Security Risk Management: Handbook for ISO/IEC 27001
The key handbook on how to implement ISO/IEC 27005 (Information Security: Risk Management).
This book is a practical handbook for the use and application of ISO/IEC 27005. It provides specific guidance and advice to support the implementation of requirements defined in ISO/IEC 27001 that relate to risk management processes and associated activities.
The book focuses on having an information security management system (ISMS) as a framework for achieving the effective management of information security risks.
International standard ISO/IEC 27001 is a world recognised standard for establishing, implementing, monitoring and reviewing, updating and improving an ISMS. ISO/IEC 27005 is an ISMS risk management standard that supports the implementation of ISO/IEC 27001.
If you are a business manager or are involved in ISMS risk management activities, this book will provide practical advice and guidance on managing information security risks.
The book is full of practical advice and guidance on managing information security risks. It provides a framework for professionals to make business decisions as well as understanding common risk practices that enable an organization’s information to be effectively protected, based on the risks they face.
Professionals working in the fields of either information security or risk management will find this a useful reference, as it is based on international practices, methods and standards. It will assist those that implement the international standard ISO/IEC 27001 information security management system (ISMS).
Contents of the handbook on managing information security risks contain:
- Nature of the information security risk landscape
- Risk management framework
- Risk assessment
- Risk treatment
- System of risk controls
- Risk monitoring and reviews
- Risk control improvements
- Documentation system
- Audits and reviews
- Examples of legal and regulatory compliance
- Examples of assets, threats, vulnerabilities and risk assessment methods.
“How to manage the risks of insider trading, and disgruntled staff hacking into computer systems and stealing? This well laid out book takes you through the risk assessment, and controls (’a measure that is modifying risk’), and not forgetting monitoring and reviews (all documented)…” Professional Security Magazine
Read the complete review of this book for information security by www.professionalsecurity.co.uk
About the author
Edward Humphreys (Chartered Fellow of the BCS - FBCS CITP, CISM) is Director of XiSEC Consultants Ltd, a UK company providing Information Security Management consultancy services around the world.
He has been an expert in the field of information security and risk management for more than 35 years. During this time he has worked for major international companies (in Europe, North America and Asia), as well organisations such as the European Commission and the OECD. He is the editor of BS 7799 Part 1:1999, ISO/IEC 17799:2000, the 1999 and 2002 editions of BS 7799 Part 2 the ISMS standard and the EA 7/03 the ISMS accreditation guidelines.
He is the Founder and Director of the ISMS International User Group and is responsible for the International Register of BS 7799/ISMS Certificates. In 2002 he was honoured with the Secure Computing Lifetime Achievement Award.
Also available for managing information security risk
BS ISO/IEC 27005:2008
Information technology. Security techniques. Information security risk management
BS ISO/IEC 27002:2005, BS 7799-1:2005,BS ISO/IEC 17799:2005
Information technology. Security techniques. Code of practice for information security management
BS ISO/IEC 27001:2005/BS 7799-2:2005
Information technology. Security techniques. Information security management systems. Requirements
Find information security standards and guidance
Browse BSI's information security guidance books