Information Security Risk Management for ISO27001/ISO27002

Alan Calder & Steve G. Watkins

Language: English

Publisher: IT Governance Ltd

Published: Apr 27, 2010

Description:

Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.