Information Security Risk Management Handbook


BIP 0076

Information security risk management. Handbook for ISO/IEC 27001

Status: Current | Published: April 2010




Edward Humphreys

The key handbook on how to implement ISO/IEC 27005 (Information Security: Risk Management).

This book is a practical handbook for the use and application of ISO/IEC 27005. It provides specific guidance and advice to support the implementation of requirements defined in ISO/IEC 27001 that relate to risk management processes and associated activities.

The book focuses on having an information security management system (ISMS) as a framework for achieving the effective management of information security risks.

The international standard ISO/IEC 27001 is a world-recognised standard for establishing, implementing, monitoring and reviewing, updating and improving an ISMS. ISO/IEC 27005 is an ISMS risk management standard that supports the implementation of ISO/IEC 27001.

If you are a business manager or are involved in ISMS risk management activities, this book will provide practical advice and guidance on managing information security risks.

The book is full of practical advice and guidance on managing information security risks. It provides a framework for professionals to make business decisions, as well as an understanding of the common risk practices that enable an organization's information to be effectively protected, based on the risks it faces.

Professionals working in the fields of either information security or risk management will find this a useful reference, as it is based on international practices, methods and standards. It will assist those who implement the international standard ISO/IEC 27001 information security management system (ISMS).

The handbook on managing information security risks contains the following chapters:

  • Introduction
  • Nature of the information security risk landscape
  • Risk management framework
  • Risk assessment
  • Risk treatment
  • System of risk controls
  • Risk monitoring and reviews
  • Risk control improvements
  • Documentation system
  • Audits and reviews
  • Standards
  • Definitions
  • Examples of legal and regulatory compliance
  • Examples of assets, threats, vulnerabilities and risk assessment methods.

“How to manage the risks of insider trading, and disgruntled staff hacking into computer systems and stealing? This well laid out book takes you through the risk assessment, and controls (‘a measure that is modifying risk’), and not forgetting monitoring and reviews (all documented)…” Professional Security Magazine


About the author

Edward Humphreys (Chartered Fellow of the BCS - FBCS CITP, CISM) is Director of XiSEC Consultants Ltd, a UK company providing Information Security Management consultancy services around the world.

He has been an expert in the field of information security and risk management for more than 35 years. During this time he has worked for major international companies (in Europe, North America and Asia), as well as for organisations such as the European Commission and the OECD. He is the editor of BS 7799 Part 1:1999, ISO/IEC 17799:2000, the 1999 and 2002 editions of BS 7799 Part 2 (the ISMS standard) and EA 7/03 (the ISMS accreditation guidelines).

He is the Founder and Director of the ISMS International User Group and is responsible for the International Register of BS 7799/ISMS Certificates. In 2002 he was honoured with the Secure Computing Lifetime Achievement Award.

Also available for managing information security risk

BS ISO/IEC 27005:2008
Information technology. Security techniques. Information security risk management

BS ISO/IEC 27002:2005, BS 7799-1:2005, BS ISO/IEC 17799:2005
Information technology. Security techniques. Code of practice for information security management

BS ISO/IEC 27001:2005/BS 7799-2:2005
Information technology. Security techniques. Information security management systems. Requirements


Standard Number: BIP 0076
Title: Information security risk management. Handbook for ISO/IEC 27001
Publication Date: 01 April 2010
Cross References: ISO/IEC 27001, ISO/IEC 27005
Descriptors: Data processing, Computers, Management, Data security, Data storage protection, Risk assessment, Risk analysis, Data management, Information exchange, Business continuity, Anti-burglar measures, Documents
Subject: IT and Information Management: Information Security
ISBN: 978 0 580 60745 5
File Size: 3.948 MB
