Risk Management made simple.

The Risk Treatment

What is the purpose of Risk Treatment? Risk treatment is the process of implementing controls and measures to modify the initial level of risk. A risk treatment plan must be developed (or designed) according to the risk evaluation criteria. The plan should list the risks in the priority order in which each individual risk treatment will be implemented. The …


The Risk Register

What is a Risk Register? Every company must manage its risks, and the best place to record those risks is the risk register. Risk identification is an integral part of the overall risk management process. After all the risks have been identified, they must be assessed and then properly treated. All the risks in the company must be properly …


Benefits of Implementing an ISMS

Every asset in every organization must be protected, and information is an asset that must be protected as well. Throughout the evolution of the human race the value of information has grown constantly. The higher the value of information, the more effectively it must be protected. There are many schemes and mechanisms for information protection. One of the most …


What is Qualitative and Quantitative Risk Assessment

Risk assessment requires considerable thought and dedicated resources. There are two approaches to addressing risk: qualitative and quantitative risk assessment. The qualitative approach weighs the likelihood of threats based on experience, expert opinion and logical inference. Quantitative risk assessment, however, addresses the problem by assigning numbers to risk, computed from various parameters. What is Qualitative Risk …


What is ISO 27001

When asking ourselves what ISO 27001 is, we should know that it is the standard for Information Security Management Systems, formerly known as BS 7799. It was first published in 2005 by the International Organization for Standardization and revised in 2013. ISO/IEC 27001 is part of the ISO 27000 family of standards. ISO 27001 specifies the Information technology – Security techniques …


Types of Information Security Risks

Over the past few years, the importance of effective risk management to corporate governance has become widely accepted. The information security program is a critical component of every organization’s risk management effort and provides the means for protecting the organization’s digital information and other critical information assets. Information security management means “keeping the business risks associated with information systems under …

ISO 27005 Risk Management

What is Risk Management?

Risk management is the process of identifying, analysing and reducing risks. To understand risk management we first have to understand risk. Risk is the possibility of an unwanted event occurring that could affect the system in a negative or positive way. Examples of unwanted effects are degraded system performance, destruction of any of the key component …


ISO 27001:2013 differences from ISO 27001:2008

In October 2013 ISO launched the new edition of the 27001 information security management standard. The major change is the structure: the new ISO/IEC 27001:2013 has been developed in accordance with Annex SL of the ISO directives, which provides standardized text suitable for all management system standards. The new structure of the standard …


What is Risk Assessment?

Risk assessment is the process of identifying risks, followed by their analysis and evaluation. From an ISO 27005 perspective, risk is computed by identifying, analysing and evaluating the extent to which a particular entity could be adversely affected by a situation or incident. Factors such as likelihood and impact determine the risk potential. Rather than a one-time activity, risk assessment is …


Risk Assessment Report

Risk is a combination of the consequences that would follow from the occurrence of an unwanted event and the likelihood of that event occurring. No enterprise operates without risk; it is an integral part of the business landscape. Not every risk is inevitable, however. When analyzed carefully, some risk is found to be the result …
