ISO 27001 requires that information security risk management be a core component of an information security management system (ISMS). This six-step guide walks organisations through the required risk assessment and the methods for addressing any areas of concern.
Step 1: Identify the Risk
Step 2: Identify the Person Responsible
Step 3: Prioritise Risks
Step 4: Associate the Risks with Controls
Step 5: Create a Treatment Plan for the Risks
Step 6: Risk Monitoring and Review
Companies need to keep pace with a changing risk landscape. Risk monitoring covers any assets that have been added to the infrastructure, new threats that have emerged, potential vulnerabilities and any security incidents that have occurred.
Risk assessment and treatment are a critical part of compliance with ISO 27001. Organisations that have questions about managing their risks can work with an ISO 27001 consultant to ensure that they have everything covered.