Showing posts from August, 2018

6 Basic steps in ISO 27001 Risk Assessment and Treatment

ISO 27001 is a specification for an Information Security Management System (ISMS). The ISMS is part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security. The management system includes organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources. Risk assessment is the major and most important activity at the beginning of an Information Security Management System. It is the overall process of risk identification, risk analysis and risk evaluation. Risk analysis is the process of understanding the nature of a risk and determining its level. Risk analysis provides the basis for risk evaluation and for decisions about risk treatment, and includes risk estimation. The organization's risk assessor identifies the risks and hazards the organization is facing and leads the risk assessment. The risk as