Information security risk management is the process of identifying vulnerabilities to your information assets that could impact their confidentiality, integrity or availability along with the threats that could exploit those vulnerabilities – together these define the risk. The next step is to evaluate the risk to determine its severity, usually by considering the impact if…
Information security is all about ensuring the availbility, confidentiality and integrity of information assets (the CIA triad), however many organisations attempt the risk assessment phase of an information security programme without having clear visibility of what their information assets are or perhaps they are aware of some but haven’t prioritised nor modelled the threats against…
As anyone who has worked with ISO standards know, they can be a great tool in the right hands and ISO 27001 (the information security management standard) is no different. In the fast-changing world of information security however, some elements of the standard and it’s controls have dated and do not quite align with modern…
