A New Risk Management Standard Worth Looking At

The bulk of data protection laws and regulations require that security and privacy controls be established based upon the organization’s existing and unique risks. Many organizations struggle to find a way to effectively determine the risks that exist for their businesses. Often the result is similar to taking a shot in the dark to determine risks.

I’ve found many information security practitioners are not aware of the recently published risk management standard, ISO/IEC 27005:2008.
Check it out; it has some great and useful ideas and recommendations.
