Rating: 0 out of 5 stars
0 ratings
Ebook69 pages49 minutes
ISO 27001 Risk Management in Plain English: A Step-by-Step Handbook for Information Security Practitioners in Small Businesses
Rating: 4 out of 5 stars
4/5
()
About this ebook
“Risk management is the central idea of ISO 27001. And, the way ISO 27001 tells you to achieve this tailor-made suit is to perform risk assessment and risk treatment.” This book, ISO 27001 Risk Management in Plain English, is a quick read for people who are focused solely on risk management. It has one aim in mind: to give you the knowledge and practical step-by-step process you need to successfully implement ISO 27001 risk assessment and treatment – without struggle, stress, or headaches.
ISO 27001 Risk Management in Plain English is written primarily for beginners in this field and for people with moderate knowledge about risk assessment and treatment. It is structured in such a way that someone with no prior experience or knowledge about information security can quickly understand what it is all about, and how to implement the whole risk management project. However, if you do have experience with ISO 27001, but feel that you still have gaps in your knowledge, you’ll also find this book very helpful.
This book will give you a complete overview of risk management according to ISO 27001. It will also explain the differences between risk management in ISO 27001 and other risk-oriented standards, such as ISO 27005 and ISO 31000. You will learn the five main steps in the risk management process, the purpose of risk assessment, and how to perform it.
“In my experience, the employees (and the organization as a whole) are usually aware of only 25 to 40% of risks,” says author Dejan Kosutic. “Therefore, a thorough and systematic process needs to be carried out to find out everything that could endanger the confidentiality, integrity, and availability of their information.”
This book will serve as your complete guide to ISO 27001 risk management. From the simple explanation of requirements, steps in risk management, development of methodology, and which documents are required for risk management – you will quickly see that this is the only book you’ll ever need on the subject.
Read more from Dejan Kosutic
Secure & Simple – A Small-Business Guide to Implementing ISO 27001 On Your Own: The Plain English, Step-by-Step Handbook for Information Security Practitioners
Related to ISO 27001 Risk Management in Plain English
Titles in the series (6)
ISO 27001 Annex A Controls in Plain English: A Step-by-Step Handbook for Information Security Practitioners in Small Businesses Rating: 0 out of 5 stars0 ratings
Related ebooks
ISO 27001 Annex A Controls in Plain English: A Step-by-Step Handbook for Information Security Practitioners in Small Businesses Rating: 0 out of 5 stars0 ratingsISO27001/ISO27002:2013: A Pocket Guide Rating: 4 out of 5 stars4/5ISO 27001 Controls – A guide to implementing and auditing Rating: 5 out of 5 stars5/5Information Security Risk Management for ISO27001/ISO27002 Rating: 4 out of 5 stars4/5Risk Management and ISO 31000: A pocket guide Rating: 0 out of 5 stars0 ratingsRisk Management Simplified: A Definitive Guide For Workplace and Process Risk Management Rating: 5 out of 5 stars5/560 Minute Operational Risk Management Rating: 5 out of 5 stars5/5Guide to effective risk management 3.0 Rating: 0 out of 5 stars0 ratingsThe Manager’s Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security Rating: 0 out of 5 stars0 ratingsISO IEC 27001 Lead Implementer A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsNine Steps to Success: An ISO27001:2013 Implementation Overview Rating: 3 out of 5 stars3/5ISO IEC 27001 Lead Implementer A Clear and Concise Reference Rating: 0 out of 5 stars0 ratingsImplementing an Integrated Management System (IMS): The strategic approach Rating: 5 out of 5 stars5/5Adaptive Business Continuity: A New Approach Rating: 0 out of 5 stars0 ratingsApplication security in the ISO27001:2013 Environment Rating: 4 out of 5 stars4/5ISO/IEC 27001:2022: An introduction to information security and the ISMS standard Rating: 5 out of 5 stars5/5ISO 27001 Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsISO 27005 A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsISO 27001 A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsAn Introduction to Information Security and ISO27001:2013: A Pocket Guide Rating: 4 out of 5 stars4/5ISO 27005 A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsISO/IEC 27701:2019: An introduction to privacy information management Rating: 4 out of 5 stars4/5ISO IEC 27001 2013 Standard Requirements Rating: 0 out of 5 stars0 ratingsApplication Security in the ISO27001 Environment Rating: 0 out of 5 stars0 ratingsISO 27001 A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsISO IEC 27001 Lead Auditor A Complete Guide - 2019 Edition Rating: 5 out of 5 stars5/5ISO 31000 Risk Management Best Practice A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratings
Security For You
CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Hacking For Dummies Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsCodes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5CompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsThe Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5Navigating the Cybersecurity Career Path Rating: 0 out of 5 stars0 ratingsPractical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5The Mathematics of Secrets: Cryptography from Caesar Ciphers to Digital Encryption Rating: 0 out of 5 stars0 ratingsThrough the Firewall: The Alchemy of Turning Crisis into Opportunity Rating: 0 out of 5 stars0 ratingsThe Art of Attack: Attacker Mindset for Security Professionals Rating: 0 out of 5 stars0 ratingsCompTIA CySA+ Cybersecurity Analyst Certification Passport (Exam CS0-002) Rating: 5 out of 5 stars5/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsCybersecurity for Beginners : Learn the Fundamentals of Cybersecurity in an Easy, Step-by-Step Guide: 1 Rating: 0 out of 5 stars0 ratingsSecurity+ Boot Camp Study Guide Rating: 5 out of 5 stars5/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5
Related podcast episodes
064: Is Your Safety Management System ISO 45001 Ready?: Download the safety checklist 0% found this document useful080: SMS Pt 1 - Safety Management System Defined: What is a Safety Management System (SMS)? 0% found this document useful#63 Epiq's Information Security Journey: With guest Dinesh Sharma 0% found this document useful083: SMS Pt 4 - What Does ISO 45001 Require?: Safety Management System overview 0% found this document usefulStop procratinating and get started now with Eric Twiggs 0% found this document usefulConnecting Continuous Improvement to the Bottom Line - Webinar Recording, KaiNexus & Nick Katko 0% found this document useful[Preview] Connecting Continuous Improvement to the Bottom Line — Webinar 0% found this document usefulHow to Navigate Scheduling Issues for Nurse Practitioners 0% found this document useful393. Purposeful Productivity with Nick Sonnenberg 0% found this document usefulThe Mental Health Minefield: How do you lead? 0% found this document usefulHow to Succeed at Getting to Hello: Viveka von Rosen from Vengresso talks about social prospecting. 0% found this document useful5 Achieve More by Performing Less [with Eduardo Briceño] 0% found this document useful
Related articles
Vulnerability Assessments PC Pro MagazineArticle
Vulnerability Assessments
Jan 7, 2021
3 min readCyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL Inc.Article
Cyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL
Sep 21, 2016
Data breaches can have far-reaching repercussions; protecting against them is a companywide mandate
2 min read“DORA Is A Force For Good And Will Help Businesses To Make Better Decisions, Faster” PC Pro MagazineArticle
“DORA Is A Force For Good And Will Help Businesses To Make Better Decisions, Faster”
Apr 10, 2022
6 min readThe Most Underrated Skill in Management Rotman ManagementArticle
The Most Underrated Skill in Management
Sep 1, 2018
7 min readBuilding Resilience In Testing Times NZBusiness and ManagementArticle
Building Resilience In Testing Times
Oct 28, 2020
4 min readSimplicity In Marketing: Top Techniques MarketingArticle
Simplicity In Marketing: Top Techniques
Aug 12, 2018
9 min readThe Forgotten Part Of Health And Safety NZBusiness and ManagementArticle
The Forgotten Part Of Health And Safety
Apr 22, 2020
2 min readTactical Appreciation PRIVATE GAME WILDLIFE RANCHINGArticle
Tactical Appreciation
Aug 15, 2018
5 min readCybersecurity Made Simple: Taming The Password The European Business ReviewArticle
Cybersecurity Made Simple: Taming The Password
Mar 1, 2022
8 min readTake Back Control The European Business ReviewArticle
Take Back Control
May 22, 2018
11 min readBecoming Adaptable In An Uncertain World ThinkSalesArticle
Becoming Adaptable In An Uncertain World
May 26, 2022
3 min readTrim the Fat From Your Startup EntrepreneurArticle
Trim the Fat From Your Startup
Feb 1, 2014
2 min readApproaching Risk from The Boardroom The European Business ReviewArticle
Approaching Risk from The Boardroom
Dec 2, 2022
Looking into risk from the perspective of the boardroom demands a note on the concept of corporate governance itself and the resulting implications. Shareholders are the principals and need to have their rights protected; management is nominated and
7 min readGetting It Done Rotman ManagementArticle
Getting It Done
Sep 1, 2020
You developed the GettingItDone® management system and have been teaching it to Rotman MBA students for 19 years. What are its key principles? The system applies the thinking of three well known management gurus. The first is the late-great Peter F.
5 min readWhat’s Next? Using The Coronavirus Crisis To Assess Your Business And Come Back Stronger Parents in BizArticle
What’s Next? Using The Coronavirus Crisis To Assess Your Business And Come Back Stronger
Jul 6, 2020
Many businesses are currently grappling with the impact that Covid-19 is having on their day-to-day life. It is a worrying time as businesses adjust to sudden changes in demands from consumers, and potentially having to literally stop trading. If you
3 min readData Security Standards Linux FormatArticle
Data Security Standards
Aug 24, 2021
A lot of engineers like to rail against standards as pointless box-checking and in some cases they are. Especially when it comes to things like PCI-DSS. Fundamentally, any engineer can look at PCI-DSS and say honestly that it’s obvious, and that all
1 min readFeature AdNewsArticle
Feature
May 22, 2022
4 min readApp To Support Employees In Speaking Up NZBusiness and ManagementArticle
App To Support Employees In Speaking Up
Aug 28, 2019
2 min readPro-actions Eco Living MagazineArticle
Pro-actions
Jun 16, 2021
https://pro-actions.com/ All businesses are like complicated ecosystems – lots of aspects have to be actioned together and efficiently to enable a successful business to work. A business tends only to be as strong as its weakest link. Pro-actions wor
2 min readAGILE: It Is All About Trust NZBusiness and ManagementArticle
AGILE: It Is All About Trust
Oct 22, 2019
6 min readWhy Leaders Need To Take A Risk-based Approach To Data Security NZBusiness and ManagementArticle
Why Leaders Need To Take A Risk-based Approach To Data Security
Jul 21, 2021
5 min readExpert Contributors ThinkSalesArticle
Expert Contributors
Aug 9, 2017
BOB HERBOLD is the former Chief Operating Officer of Microsoft Corporation and the author of three books on leadership. His latest, What’s Holding You Back: 10 Bold Steps that Define Gutsy Leaders was released in 2011 by Wiley/Jossey-Bass. More on th
2 min readTowards Mind-positive Workplaces Business TodayArticle
Towards Mind-positive Workplaces
Jan 23, 2020
4 min readCan You Teach Leadership? The European Business ReviewArticle
Can You Teach Leadership?
Dec 2, 2022
9 min readUtilising Technology For Sales Effectiveness NZBusiness and ManagementArticle
Utilising Technology For Sales Effectiveness
Jul 20, 2022
SALES & MARKETING LOGAN WEDGWOOD (MBA, MINSTD.) IS CEO OF STRATEGY EXECUTION ADVISORY FIRM, ADVISORY WORKS. WWW.ADVISORY.WORKS Why is it that some salespeople seemingly have all the natural capability they could ask for, but lack the performance to b
2 min readRunning Beyond Empty NZBusiness and ManagementArticle
Running Beyond Empty
Apr 20, 2022
6 min readMental Health Initiative For Business Owners NZBusiness and ManagementArticle
Mental Health Initiative For Business Owners
Jul 18, 2023
The recently launched Brave in Business e-learning series is a I new tool to help small business owner-operators to manage and improve their mental wellbeing. Made in partnership with MBIE, Spark Business Lab and The Institute of Organisational Psych
1 min readMyob Architectural Review Asia PacificArticle
Myob
Jun 6, 2018
Do your eyes glaze over at the above acronym? Are you someone for whom the details of tax/P&L/balance sheets and their ilk are necessary evils, and merely the tedious tasks through which you must trudge in order to get on with what you really love to
1 min readA Focus on ESG Cannabis & Tech TodayArticle
A Focus on ESG
Oct 19, 2021
2 min readA Scorecard for Your Financial Adviser KiplingerArticle
A Scorecard for Your Financial Adviser
Apr 24, 2019
Sometimes it can be difficult to fully grasp the value of a financial adviser. Do they mostly manage my money? Are they doing a good job for me? How would I even know? These are important questions that can often be difficult to answer. There ar
2 min read
Reviews for ISO 27001 Risk Management in Plain English
Rating: 4.125 out of 5 stars
4/5
8 ratings2 reviews
- Rating: 4 out of 5 stars4/5The author broke down the process of implementing ISO 27001 in a manner that is quite easy to understand. Well written.
- Rating: 4 out of 5 stars4/5The given guide and examples of risk guidance much practical.
Book preview
ISO 27001 Risk Management in Plain English - Dejan Kosutic
ISO 27001
Risk Management in Plain English
Also by Dejan Kosutic:
Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own
9 Steps to Cybersecurity: The Manager’s Information Security Strategy Manual
Becoming Resilient: The Definitive Guide to ISO 22301 Implementation
Dejan Kosutic
ISO 27001
Risk Management in Plain English
Step-by-step handbook for information security practitioners in small businesses
Advisera Expert Solutions Ltd
Zagreb, Croatia
Copyright ©2016 by Dejan Kosutic
All rights reserved. No part of this book may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without written permission from the author, except for the inclusion of brief quotations in a review.
Limit of Liability / Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representation or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. This book does not contain all information available on the subject. This book has not been created to be specific to any individual’s or organization’s situation or needs. You should consult with a professional where appropriate. The author and publisher shall have no liability or responsibility to any person or entity regarding any loss or damage incurred, or alleged to have been incurred, directly or indirectly, by the information contained in this book.
First published by Advisera Expert Solutions Ltd
Zavizanska 12, 10000 Zagreb
Croatia
European Union
http://advisera.com/
ISBN: 978-953-57452-8-0
First Edition, 2016
ABOUT THE AUTHOR
Dejan Kosutic is the author of numerous articles, video tutorials, documentation templates, webinars, and courses about information security and business continuity management. He is the author of the leading ISO 27001 & ISO 22301 Blog, and has helped various organizations including financial institutions, government agencies, and IT companies implement information security management according to these standards.
Click here to see his LinkedIn profile
TABLE OF CONTENTS
ABOUT THE AUTHOR
PREFACE
1 INTRODUCTION
1.1.WHO SHOULD READ THIS BOOK?
1.2 HOW TO READ THIS BOOK?
1.3 WHAT THIS BOOK IS NOT
1.4 WHY IS RISK MANAGEMENT THE CENTRAL PHILOSOPHY IN ISO 27001?
1.5 RELATIONSHIP BETWEEN ENTERPRISE RISK MANAGEMENT AND INFORMATION SECURITY MANAGEMENT
1.6 ISO 27001 VS. ISO 27005 VS. ISO 31000
1.7 ADDITIONAL RESOURCES
2 STEPS IN THE RISK MANAGEMENT
2.1 ADDRESSING RISKS AND OPPORTUNITIES (CLAUSE 6.1.1)
2.2 FIVE STEPS IN THE RISK MANAGEMENT PROCESS (CLAUSE 6.1)
2.3 WRITING THE RISK ASSESSMENT METHODOLOGY (CLAUSE 6.1.2)
2.4 RISK ASSESSMENT PART I: IDENTIFYING THE RISKS (CLAUSES 6.1.2 AND 8.2)
2.5 RISK ASSESSMENT PART II: ANALYZING AND EVALUATING THE RISKS (CLAUSES 6.1.2 AND 8.2)
2.6 PERFORMING RISK TREATMENT (CLAUSES 6.1.3 AND 8.3)
2.7 STATEMENT OF APPLICABILITY: THE CENTRAL DOCUMENT OF THE WHOLE ISMS (CLAUSE 6.1.3 D)
2.8 DEVELOPING THE RISK TREATMENT PLAN (CLAUSES 6.1.3, 6.2, AND 8.3)
2.9 REGULAR REVIEW OF THE RISK ASSESSMENT AND TREATMENT (CLAUSE 8.2)
2.10 SUCCESS FACTORS
3 MINI CASE STUDY: PERFORMING RISK ASSESSMENT IN A SMALL HOSPITAL
APENDIX - CATALOG OF THREATS AND
VULNERABILITIES
BIBLIOGRAPHY
LIST OF FIGURES
Figure 1: Relationship between enterprise risk management, information security, business continuity, IT, and cybersecurity
Figure 2: Five steps in the risk management process
Figure 3: Example of risk assessment table with identified risks
Figure 4: Example of full risk assessment table
Figure 5: Example of risk treatment table
Figure 6: Example of Statement of Applicability
Figure 7:
Enjoying the preview?
Page 1 of 1