About ISO 27000
Chapter 3: Terms and Conditions
- 3.39 level of risk = magnitude of a risk expressed as the combination of consequences and their likelihood
- 3.40 likelihood = chance of something happening
- 3.57 residual risk = risk remaining after risk treatment
- 3.61 risk = effect of uncertainty on objectives (positive or negative) – Note 5 to entry: "In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives"
- 3.62 risk acceptance = informed decision to take a particular risk – (but still subject to monitoring and review as per note 2 to the entry)
Chapter 4: ...
4.2.4 Management
"In terms of an ISMS, management involves the supervision and making of decisions necessary to achieve business objectives through the protection of the organization's information assets. Management of information security is expressed through the formulation and use of information security policies, procedures and guidelines, which are then applied throughout the organization by all individuals associated with the organization."