RA toolkit

The essential suite for undertaking an independent risk assessment compliant with ISO/IEC 27001; supporting ISO/IEC 27002 and conforming to ISO/IEC 27005, whilst providing guidance to multiple internal Asset Owners.

Risk assessment is the core competence of information security management. This toolkit provides essential information, guidance & tools YOU NEED to undertake an effective ISO 27001 risk assessment.

The No 2 Risk Assessment Toolkit has the added benefit of supplying five soft cover versions of Risk Assessment for Asset Owners: A Pocket Guide. This enables you to provide a copy of the pocket guide to each member of staff involved in the ISO 27001 implementation, so that they can understand the risk assessment process.

 

What’s included?

Information Security Risk Management for ISO 27001/ISO 17799 (eBook): provides comprehensive guidance on risk management, in line with the requirements of ISO 27001. It is essential reading for anyone undertaking an ISO 27001 risk assessment.

The requirements for an ISMS are specified in ISO27001. Under ISO27001, a risk assessment has to be carried out before any controls can be selected and implemented, making risk assessment the core competence of information security management.

This book provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO27001.

 

vsRisk™- the Cybersecurity Risk Assessment Tool : vsRisk is a unique software tool designed to guide your organisation through the process of carrying out an information security risk assessment that will meet the requirements of ISO 27001:2005.

The contents of this toolkit provide clear, practical and comprehensive guidance on developing a risk management methodology that meets the requirements of ISO27001, the information security management standard, and how to carry out a risk assessment that will help achieve corporate risk management objectives.

 

The Cybersecurity Risk Assessment Tool which:

  • Automates and delivers an ISO/IEC 27001-compliant risk assessment.
  • Assesses confidentiality, integrity &; availability for each of business, legal and contractual aspects of information assets – as required by ISO 27001.
  • Supports / conforms / complies to ISO/IEC 27001, ISO/IEC 27002, BS7799-3:2006,ISO/IEC TR 13335-3:1998, NIST SP 800-30 and the UK’s Risk Assessment Standard.
  • One year of support get all software updates and unlimited telephone and email support for a year.

vsRisk™ – the Cybersecurity Risk Assessment Tool comes in two forms – Standalone or Network-enabled (single user licence). vsRisk Network-enabled (single user licence) has exactly the same functionality as the vsRisk Standalone version – but can be installed on a network.

 

Risk Assessment for Asset Owners: A Pocket Guide (eBook):
This Pocket Guide to the ISO27001 risk assessment is designed to assist asset owners and others who are working within an ISO27001/ISO27002 (ISO17799) framework to deliver a qualitative risk assessment.

The contents of this toolkit provide clear, practical and comprehensive guidance on developing a risk management methodology that meets the requirements of ISO27001, the information security management standard, and how to carry out a risk assessment that will help achieve corporate risk management objectives.

Benefits of a risk assessment

  • Stop the hacker. With a proper risk assessment, you can select appropriate controls to protect your organisation from hackers, worms and viruses, and other threats that could potentially cripple your business.
  • Achieve optimum ROI. Failure to invest sufficiently in information security controls is ‘penny wise, pound foolish’, since, for a relatively low outlay, it is possible to minimise your organisation’s exposure to potentially devastating losses.
  • Build customer confidence. Protecting your information security is essential if you want to preserve the trust of your clients and to keep your business running smoothly from day to day.
  • Comply with corporate governance codes. Information security is a vital aspect of enterprise risk management (ERM). An ERM framework is required by various corporate governance codes, such as the Turnbull Guidance contained within the UK’s Combined Code on Corporate Governance, and the American Sarbanes-Oxley Act (SOX) of 2002, and standards such as ISO310000.