Abriska 27001 - Information Security ISO 27001 Risk Management Tool

Business Challenge

To reduce the risk of an organisation suffering an information or cyber security incident, an information security management system (ISMS) should be developed. The best practice approach to developing an ISMS is detailed within ISO 27001. This standard requires that an organisation undertake a risk assessment to ensure that the controls it implements are appropriate for the type of information that it stores, processes or transmits. The current best practice for undertaking an information security risk assessment is to:

  • Identify the information that you are trying to protect
  • Understand where that information is stored, processed or transmitted - e.g. IT systems, people or third parties
  • Identify the risks associated with your information by understanding the threats, vulnerabilities and controls
  • Calculate the levels of risk, apply a consistent risk strategy and determine an appropriate risk treatment action
  • Deliver a risk treatment plan (RTP) and statement of applicability (SoA)

The cornerstone of ISO 27001 is the need to build the ISMS on a sound assessment of information risks.

How Abriska 27001 Delivers Effective Information Security Risk Assessment

Abriska 27001 has been specifically developed to enable you to undertake an information security risk assessment that is both in line with the requirements of ISO 27001 and appropriate to the size and sector of your organisation. Abriska comes preloaded with all of the ISO 27001:2013 controls and with example threat and vulnerability libraries, and these items are linked so that you can start undertaking risk assessments straight away. Abriska has supported over 200 successful ISO 27001 certification projects.

Read the Abriska 27001 product sheet for a full breakdown of the methodology and benefits of Abriska