
Information Security Risk Management. Handbook for ISO/IEC 27001

Edward Humphreys

The key handbook on how to implement ISO/IEC 27005 (Information Security: Risk Management).

This book is a practical handbook for the use and application of ISO/IEC 27005. It provides specific guidance and advice to support the implementation of requirements defined in ISO/IEC 27001 that relate to risk management processes and associated activities.

The book focuses on having an information security management system (ISMS) as a framework for achieving the effective management of information security risks.

International standard ISO/IEC 27001 is a world-recognised standard for establishing, implementing, monitoring and reviewing, updating and improving an ISMS. ISO/IEC 27005 is an ISMS risk management standard that supports the implementation of ISO/IEC 27001.

If you are a business manager or are involved in ISMS risk management activities, this book will provide practical advice and guidance on managing information security risks.

The book is full of practical advice and guidance on managing information security risks. It provides a framework for professionals to make business decisions and to understand common risk practices that enable an organization’s information to be effectively protected, based on the risks it faces.

Professionals working in the fields of either information security or risk management will find this a useful reference, as it is based on international practices, methods and standards. It will assist those that implement the international standard ISO/IEC 27001 information security management system (ISMS).

The contents of the handbook on managing information security risks include:

  • Introduction
  • Nature of the information security risk landscape
  • Risk management framework
  • Risk assessment
  • Risk treatment
  • System of risk controls
  • Risk monitoring and reviews
  • Risk control improvements
  • Documentation system
  • Audits and reviews
  • Standards
  • Definitions
  • Examples of legal and regulatory compliance
  • Examples of assets, threats, vulnerabilities and risk assessment methods.

About the author

Edward Humphreys (Chartered Fellow of the BCS - FBCS CITP, CISM) is Director of XiSEC Consultants Ltd, a UK company providing Information Security Management consultancy services around the world.

He has been an expert in the field of information security and risk management for more than 35 years. During this time he has worked for major international companies (in Europe, North America and Asia), as well as organisations such as the European Commission and the OECD. He is the editor of BS 7799 Part 1:1999, ISO/IEC 17799:2000, the 1999 and 2002 editions of BS 7799 Part 2 (the ISMS standard), and EA 7/03 (the ISMS accreditation guidelines).

He is the Founder and Director of the ISMS International User Group and is responsible for the International Register of BS 7799/ISMS Certificates. In 2002 he was honoured with the Secure Computing Lifetime Achievement Award.
