Question

In: Operations Management

ISO/IEC 27005 - Description of the standard (What does it cover?) The intent of standard (How...

ISO/IEC 27005 -

Description of the standard (What does it cover?)

The intent of standard (How does it address what it intends to cover?)

How would this standard be applied in a mid-sized organization?

Solutions

Expert Solution

ISO/IEC 27005 is the international standard that describes how to conduct an information security risk assessment in accordance with the requirements of ISO 27001. The standard provides guidelines for information security risk management and supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.

The standard is intended to guide organizations about the importance of recording and assessing the risks in a structured sequence of events. The standard does not recommend any specific risk management method. Few activities which the standard suggests the organizations to follow are:

  • To establish the scope, compliance obligations, and the risk management method for the organization.
  • Assess the relevant information risks involving, assets, threats, controls, and vulnerabilities in case of an incident.
  • Prioritize the risks with threat levels
  • Keep the stakeholders informed throughout the process with periodic updates
  • Monitor the risks on an ongoing basis while responding to significant changes

A mid-sized organization can give the responsibility to individual department managers and conduct a weekly or a monthly risk assessment meeting to bring everyone on the same page. The Risk Register can be discussed and actions can be worked on in the inter-departmental meetings. Every department should identify the risks and assign priority to them.


Related Solutions

What is the intent of the CAPM? What is it trying to tell investors and how...
What is the intent of the CAPM? What is it trying to tell investors and how might it impact an investor's stock selection decisions?
What are the differences between ISO 9001:2008 and ISO 9001:2015?
What are the differences between ISO 9001:2008 and ISO 9001:2015?
What is the ISO/IEC FDIS17025 INTERNATIONAL STANDARD and what is used for becaus our professor wants us to know
What is the ISO/IEC FDIS17025 INTERNATIONAL STANDARD and what is used for becaus our professor wants us to know what we understand from the offical draft paper General requirements for the competence of testing and calibration laboratories
what is the statue of frauds and what types of agreement does it cover? What is...
what is the statue of frauds and what types of agreement does it cover? What is /are public policy reasons for the statue of frauds?
What are the three categories of torts? What does the UCC Section 2 cover? What does...
What are the three categories of torts? What does the UCC Section 2 cover? What does the UCC Section 2a cover? What are the differences between contract law and UCC law? What is a sale? What is a merchant? What is the difference between goods and services? What is the predominant rule? What terms does the UCC allow to be open? What cannot be open? What is a merchant’s firm offer? What are a person’s alternatives if they are sent...
give a description of how vaccines work. What do we inject and how does this give...
give a description of how vaccines work. What do we inject and how does this give us immunity? Be specific about how the cells work.
Describe the four major phases of the ISO LCA Standard: Name and describe in a few...
Describe the four major phases of the ISO LCA Standard: Name and describe in a few sentences each of the four major phases found in the ISO LCA standard.
Must be in python The ISO 8601 Standard date format for Information Interchange indicates that a...
Must be in python The ISO 8601 Standard date format for Information Interchange indicates that a date be written as such: yyyy-MM-dd (eg. 2012-07-02, 1999-12-05, 1998 -01-27 )    where yyyy represents the four digit year MM represents a two digit numerical month dd represents a two digit numerical day Chinese date format is specified as: yyyy-M-d Macedonean date format is specified as: d.M.yyyy. where yyyy represents the four digit year M represents a one or two digit numerical month,...
What is the main intent in the movie “Pearl of the Deep”
What is the main intent in the movie “Pearl of the Deep”
Law of Accountants: -What is a security interest -What does Art 9 of the UCC cover-and...
Law of Accountants: -What is a security interest -What does Art 9 of the UCC cover-and hat is not covered -What does the word attachment mean under Art. 9 -What is required for a security interest to be perfected-how does perfection happen -Why do we care about all of this -Have you ever thought about how many credit transactions happen every day for purchases of things, not real estate? How much money do you think is involved?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT