ISO 27005 and the risk assessment process
ISO 27005 describes the risk management process for information and cyber security. It’s part of the ISO 27000 series, which means its advice is part of a wider set of best practices to protect your organisation from data breaches. As with every standard in the series, ISO 27005 doesn’t outline a specific approach ...
Conducting an asset-based risk assessment in ISO 27001:2013
ISO 27001 focuses heavily on asset-based planning. This ensures that the information security measures you adopt are appropriate to the threats you face – both in practicality and scale. There is no point implementing controls if what they’re protecting against is unlikely to be an issue. For example, securing all ...

