ISO 27005 PORTUGUES PDF

Published on Jul 1. Summary: Risk management is a trade-off between risks and costs.

- Author: Voodoogal Arashishakar
- Country: Bangladesh
- Language: English (Spanish)
- Genre: Relationship
- Published (Last): 6 October 2012
- Pages: 18
- PDF File Size: 10.47 Mb
- ePub File Size: 9.34 Mb
- ISBN: 718-2-67328-211-7
- Downloads: 25486
- Price: Free* [*Free Registration Required]
- Uploader: Samugar




Risk treatment is no doubt essential for any business or individual to survive.

ISO elaborates different methods of treating risks related to information security, which help organizations mitigate those risks. Khachab has a wide range of information risk management and IT procurement skills earned through more than 30 years of experience in the US and the Middle East.

He has established a strong reputation and a proven record of delivering benefits to clients by teaching information risk management and MIS to businesses and universities.

Slide outline:

- a. Risk treatment process
- b. Risk treatment options
- c. Risk treatment plan
- Risk Treatment
- Identification of existing controls
- Identification of vulnerabilities
- Identification of consequences
- Assessment of consequences
- Risk Acceptance
- Context Establishment
- Risk Identification
- Risk Analysis
- Risk Evaluation
- Risk Management Programme
- Risk Assessment
- Risk Monitoring and Review
- Risk Communication and Consultation

Risk Treatment Options (ISO, clause 9):

- Risk Modification: introducing, removing or altering controls so that the residual risk can be reassessed as being acceptable.
- Risk Retention: management decides to accept the actual level of risk.
- Risk Sharing: decision to share risks with external parties, through insurance or outsourcing.
- Risk Avoidance: cancellation or modification of an activity or set of activities related to the risk.

Risk Modification, Risk Retention, Risk Sharing and Risk Avoidance are each addressed in ISO, clause 9.

Risk Avoidance examples:

1. By ceasing certain activities.
2. By removing the assets from an area at risk: do not store sensitive documents on the corporate Intranet, or move the servers to the 4th floor to avoid a risk of flooding.
3. By deciding not to exchange sensitive information with third parties if adequate protection is not guaranteed.

Risk Sharing, possible methods. There are two main methods of risk sharing:

1. Insurance: any other form of covering risks contracted by an organization in exchange for paying a premium.
2. Outsourcing: transfer of all or part of a business activity to an external partner.

Risk Removal: this option consists of removing the risk source. It is feasible only in the unlikely event that the organization has the possibility of removing the source of the risk, which is not really applicable in information security. Example: lobbying to have a law revoked (ISO, clause 5).

Increasing Risk: a risk treatment option?

1. Increase the exposure to risk if the organization can take advantage of more opportunities.
2. Reduce the level of security control if the costs exceed the benefits.

Treated Risk: risk eliminated with controls.

Residual Risk: risk remaining after treatment of the risk. Management must be aware of the residual risks and accept responsibility for them.

Inherent Risk: all risks without accounting for controls.



ISO/IEC 27005:2011

With the increasing number of internal and external information security threats, organizations recognize the importance of adopting a formal risk management programme. This leaves organizations more susceptible to security breaches, which can lead to financial and reputational damage. This course aims to provide you with clear and practical guidance on the framework and steps involved to identify, analyse and manage information security risks. It will help you to review your existing risk treatments and controls and ensure they are appropriate to manage and reduce the identified risks. This will give you the confidence to get the most effective allocation of resources in place to address information security issues for your organization.


ISO/IEC 27005:2018 Information Security Risk Management Training Course

Information security controls are imperfect in various ways: controls can be overwhelmed or undermined. Consequently, information security incidents are bound to occur to some extent, even in organizations that take their information security extremely seriously. The standard covers the processes for managing information security events, incidents and vulnerabilities. It cross-references that section and explains its relationship to the ISO27k eForensics standards.
