Information security risk management is the process of identifying, analysing, evaluating, and treating risks associated with the loss of confidentiality, integrity and availability of the organisation’s information assets.

What are the risk management requirements of ISO 27001?

ISO/IEC 27001:2013 (ISO 27001) is the leading international information security management system standard and one of its key features is that it is risk-based. The implementation of controls (technical measures, policies, processes etc.) is not prescriptive but is determined by an information risk assessment taking into account the organisation’s risk appetite and the information it is seeking to protect.

ISO 27001 clearly states in Clauses 6.1 what actions it expects an organisation to take in addressing risks. These actions include defining and applying processes for both assessing and treating information security risks. Further requirements around the operation of risk assessment and treatment are also specified in Clauses 8.2 and 8.3.

What is information security risk management software?

Information risk management software supports organisations by automating some of the processes involved and helping to identify, analyse and evaluate risks to an organisation’s information assets in a uniform, predetermined approach. The end result is that the process for assessing and managing all information risks is identical and risks can be treated based on the organisation’s risk appetite.

Download Abriska 27001 Product Sheet

We have been using Abriska to support us in carrying out the risk assessment that underpins our ISO27001 certification for some years now. It helps us to easily group and organise our assets, identify threats and vulnerabilities and determine justifiable risk scores. It centralises all of our risk assessment documentation and offers a range of useful extracts such as a statement of applicability and risk register that take much of the work out of the risk assessment process and allow us to focus on remediation.

Frontier Economics

Economic Consultancy

Services

About URM