Information security risk management for ISO27001 / ISO27002 /
Alan Calder, Steve G. Watkins.
- United Kingdom : IT Governance Publishing, 2010.
- ix, 186 p. ; 22 cm.
Includes appendices: I. Carrying out an ISO27001 risk assessment using Vsrisk -- II. ISO27001 implementation resources book by same authors.
1. Risk management -- 2. Risk assessment methodologies -- 3. Risk management objectives -- 4. Roles and responsibilities -- 5. Risk Assessment software -- 6. Information security policy and scoping -- 7. The ISO27001 risk assessment -- 8. Information assets -- 9. Threats and vulnerabilities -- 10. Impact and asset valuation -- 11. Likelihood -- 12. Risk Level -- 13. Risk Treatment and the selection of controls -- 14. The statement of applicability -- 15. The gap analysis and risk treatment -- 16. Repeating and reviewing the risk