Based on a risk management approach, an Information Security Management System based on ISO 27001 helps identify which risks are most relevant for the data you want to secure, and by means of ISO 27001 Annex A you can define proper security controls to be implemented.
In the long term, an ISMS based on ISO 27001 also helps continuously monitor control performance and relevant risks, so the risks are always kept at acceptable levels.
These articles will provide you with further explanation about ISO 27001 risk management:
- 6 main steps in risk management https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/
- Risk assessment methodology https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#section3
- Risk assessment https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
- Risk treatment https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
Jun 22, 2022