New British Standard – BS 7799-3:2006
Risk assessment is fundamental to developing an ISMS that meets the requirements of ISO 27001:2005.
And identifying, evaluating, treating and managing information security risks are key processes if businesses want to keep their information safe and secure. Whilst these processes are specified in the new information security standard ISO/IEC 27001:2005, further guidance is required on how to manage these risks as well as to put them in context with other business risks.
The new British Standard – BS 7799-3:2006 – provides this guidance and covers:
- Risk assessment
- Risk treatment
- Management decision making
- Risk re-assessment Monitoring and reviewing of risk profile
- Information security risk in the context of corporate governance
- Compliance with other risk based standards and regulations
BS 7799-3:2006 gives guidance to support the requirements given in ISO/IEC 27001:2005 regarding all aspects of an information security management system (ISMS) risk management cycle. This includes assessing and evaluating the risks, implementing controls to treat the risks, monitoring and reviewing the risks, and maintaining and improving the system of risk controls.
The focus of this standard is effective information security through an ongoing programme of risk management activities. This focus is targeted at information security in the context of an organization’s business risks.
The guidance set out in this Standard is intended to be applicable to all organizations, regardless of their type, size and nature of business. It is intended for those business managers and their staff involved in ISMS risk management activities.
Format: Electronic download (Zipped .PDF 03MB, governed by BSI's Copyright Terms and Conditions)
Other formats: ISMS Standards Kit (New Kit 20 - Download)
ISBN 10: 0580472477
ISBN 13: 9780580472473
Availability: Immediate download.
Order today for immediate download.
