One of the governing elements in ISO 27001 is the requirement that information security be based on the actual risks to which the organisation is exposed. In general, this activity is known as risk management.
This document describes the method we recommend organisations use for risk management. The method is based on ISO 27005, the standard for risk management.
Download the guide to:
- Gain knowledge about risk management
- Learn how to do risk assessment
- Take control of your risk treatment
