07 February 2014

Understanding Information Security Risk Assessment

This morning I am firmly back on the shores of http://www.iso27001security.com/ and looking around again. Apparently, there’s a discussion forum and a members area which you have to join to access. The membership criteria are written to deter the unworthy from joining, so to speak. I write an application which explains I am a management consultant who may be doing this kind of work for clients. I also say that I could add a review of Alan Calder’s book which I have just read. I am hoping for an immediate reply but I don’t get one – I’ll have to wait.

Having partially cracked the Statement of Applicability puzzle I am now looking for stuff to help me understand Risk Assessment – or at least risk assessment as it specifically applies to ISO27001. Continuing with my swimming in the sea analogy, http://www.iso27001security.com/ does seem to be like a desert island with a few trees of fruit in the middle of a vast ocean. In my analogy, the ocean represents the internet or life (depending on how profound you want to be) and it is devoid of any information about ISO27001.

My mind temporarily skips to BBC Radio 4’s Desert Island Discs which I have always listened to and also wanted to play. I think that if I was marooned on this desert island, I certainly wouldn’t choose the ISO 27001 standard or even a Statement of Applicability to go alongside the bible and the complete works of Shakespeare. Might my one luxury on the desert island be a fully certified, UKAS approved integrated management system for a secure data destruction company? I think not, but I’d love to have one of those on this temperate island (Britain) right now and be at the end of all this!

