    ISO-27001-ISO-22301-blog

    Tag: “Risk Assessment”

    Explanation of the most common business continuity terms
    The pandemic has increased organizations’ interest in business continuity, as a way to protect themselves against disruption of their operations. However, in most cases, there is no time to wait for learning about business continuity...
    How to prioritize security investment through risk quantification
    Think of a circus juggler balancing dishes, bowls, and other flat objects on sticks. He needs to pay constant attention so as not to let them fall, rotating them at sufficient speed and at the...
    Qualitative vs. quantitative risk assessments in information security: Differences and similarities
    In the risk assessment process, one common question asked by organizations is whether to go with a quantitative or a qualitative approach. The good news is that by using both approaches you can, in fact,...
    ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification
    One of the most significant changes in the 2013 version of ISO 27001, a worldwide standard for Information Security Management Systems, is that it does not prescribe any approach in the risk assessment anymore. While it...
    Risk assessment vs. internal audit in ISO 27001 and ISO 22301
    Quite often I see people searching for ISO 27001 or ISO 22301 checklists for performing the internal audit; however, they expect those checklists to help them with, e.g., which information does the organization have, who has access...
    Risk appetite and its influence over ISO 27001 implementation
    Clause 6.1.2 (a) (1) of ISO 27001:2013 states that an organization must establish and maintain information security risk criteria, and those must include criteria for risk acceptance. Since these criteria have direct influence on how organizational...