/EINPresswire.com/ Vigilant Software Ltd, the one-stop shop for ISO 27001 information security and risk management, has made the ISO 27001 Risk Assessment white paper available on its website: www.vigilantsoftware.co.uk/completing-your-risk-assessment.aspx. The white paper is an essential source of information to anyone carrying out a risk assessment in the ISO 27001 environment.

It is extremely useful for both professionals and first-time risk assessors but, most importantly, for organisations heading towards ISO 27001 certification.
The white paper is also useful for managers, directors and IT specialists who operate within information security management systems (ISMS). In clear, easy-to-understand language, the white paper contains references to essential solutions that can greatly improve the risk assessment process.

In the knowledge economy, organisations have to be able to protect their information assets. Information security management has therefore become a critical corporate discipline. The international information security standard is ISO 27001 (www.vigilantsoftware.co.uk/product/1657.aspx). Under ISO 27001, a risk assessment has to be carried out before any controls can be selected and implemented, making risk assessment the core competence of information security management. The risk assessment must, for each asset within scope, identify the threat/vulnerability combinations that have a likelihood of impacting the confidentiality, integrity and availability (CIA) of that asset – from a business, compliance or contractual perspective.

Information security management decisions are entirely driven by specific decisions made as an outcome of a risk assessment in relation to identified risks and specific information assets. Risk assessment enables expenditure on controls to be balanced against harm likely to result from security failures (www.vigilantsoftware.co.uk/completing-your-risk-assessment.aspx).

The white paper seeks to explain and unravel some of the issues surrounding the risk assessment process. ISO 27001 looks at a risk assessment as a requirement in order to “Plan” an organisation’s requirements for a security management system, and is only one part of a wider “Plan-do-check-act” (PDCA) continual improvement cycle.

Organisations can download this unique free white paper on ISO 27001 risk assessment by following the link below:

vsRisk™ is the definitive ISO 27001:2005-compliant information security risk assessment tool (www.vigilantsoftware.co.uk/product/1642.aspx). It has been designed with the user in mind and for the first time empowers the user to comply with the requirements of ISO 27001:2005 and effectively assess and align their total assets with their objective (www.vigilantsoftware.co.uk/product/1657.aspx).

Organisations can obtain this tool from the following page: