ISO/IEC 27001 is a specification for an Information Security Management System (ISMS). It contains an annex, Annex A, which catalogues a wide range of controls and other measures relevant to information security. At first sight, it appears that all an organisation has to do is select the controls that it believes it needs from this catalogue. However, there is also a requirement to carry out a risk assessment, the purpose of which is to identify the controls that are actually required. Over the years, arguments have raged between the users of ISO/IEC 27001 as to the relative importance of these two requirements and the relationship between them. This paper reports on research carried out by Gamma Secure Systems Limited (Gamma) over the period January 2007 ...
The purpose of this study was to diagnose the degree of risks suffered by the information and assets...
The master thesis has analytical character and focuses on information security issues in enterprises...
Risk management is the process of risk identification, risk assessment and taking steps to reduce th...
Information security is intended to protect the confidentiality, integrity and availability of infor...
Expert guidance on planning and implementing a risk assessment and protecting your business informat...
Organizations must be committed to ensuring the confidentiality, availability, and integrity of the ...
Realizing security and risk management standards may be challenging, partly because the descriptions...
Abstract. Realizing security and risk management standards may be challenging, partly because the d...
Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the boo...
Today, many organizations quote intent for ISO/IEC 27001:2005 certification. Also, some organization...
The technological scenario always played a critical role in Information Security. However, in recent...
The flexibility of digital information can be regarded as a great strength. As software and hardware...
ISO/IEC 27001 is an international standard that provides a set of requirements for an Information Se...
Ideal for risk managers, information security managers, lead implementers, compliance managers and c...
With the increasing significance of information technology, there is an urgent need for adequate mea...