BS7799-3 : 2006

Title
Information security management systems - Part 3: Guidelines for information security risk management

Executive summary
Guidance on information security risk management systems.

Abstract
This British Standard provides guidance to support the requirements given in BS ISO/IEC 27001:2005 regarding all aspects of an ISMS (Information Security Management System) risk management cycle. This cycle includes assessing and evaluating the risks, implementing controls to treat the risks, monitoring and reviewing the risks, and maintaining and improving the system of risk controls.

The focus of this standard is effective information security through an ongoing programme of risk management activities, addressing information security in the context of an organization's business risks.

The guidance set out in this British Standard is intended to be applicable to all organizations, regardless of their type, size and nature of business.

This standard is also intended for those business managers and their staff involved in ISMS risk management activities.

Type
Guidelines

History and related standards
This British Standard includes the cross-reference: BS ISO/IEC 27001:2005.

© 2008 SAC BSI.