Risk Assessment Explained

Given the increasing desire of businesses to be certified to ISO27001, risk assessment has emerged as an important skill for the infosec professional. While it is well established in other areas, risk assessment is new to many in technology and requires mastering. There are various approaches, but ISO 27001 has particular requirements, and compliance and certification can only be achieved if the right method is used. We have launched two new books to help different types of professional get the information they need in this area.

‘Risk Assessment For Asset Owners’ is a pocket guide aimed at people who need a quick overview of the facts. It is ideal for senior executives, people with peripheral involvement in a risk assessment, or those who need a clear and concise place to start. Over 48 pages, it explains the risk assessment requirements of ISO 27001 and how the entire assessment process should be managed, from identifying assets and assessing threats to selecting appropriate risk treatments and controls. The book is the latest in our series of Practical Information Security pocket guides and is available for only £7.95 / US$15.92 / EUR11.81 from.

For people directly responsible for conducting risk assessments, a more detailed account is necessary, so we have also introduced ‘Information Security Risk Management for ISO27001/ISO17799’. Over 196 pages, this provides step-by-step guidance on matters such as Impact and Asset Valuation, Risk Treatment and the Selection of Controls, and The Gap Analysis and Risk Treatment Plan. It also gives advice on the use of risk assessment tools, including vsRisk. Priced at £39.95 / US$79.98 / EUR59.37, it can be obtained from IT Governance here.