April 25, 2024
One of the core requirements of the ISO 27001 standard for information security is that organizations perform a formal risk assessment that identifies, analyzes and evaluates the risks facing the organization. Recent revisions to the standard removed the requirements that dictated the specific process an organization must follow to meet that obligation, but organizations adopting ISO 27001 may consider using the ISO 31000 risk management process. ISO 31000 proposes a three-stage process for risk management that conforms to industry-accepted best practices.
Read the full article: Three Stages of ISO 31000 Risk Management
Published November 2014 on SearchSecurity