Information Security Risk Management for ISO27001 / ISO27002

Today, there is hardly any organisation that doesn’t recognise the critical role that information technology plays in supporting its business objectives.

September 01, 2011 /24-7PressRelease/ — Today, there is hardly any organisation that doesn’t recognise the critical role that information technology plays in supporting its business objectives. As a result, IT security has come to the forefront and the ISO 27001 information security standard has been embraced by numerous organisations worldwide as a best practice approach for implementing Information Security Management System (ISMS).

Risk assessment plays an important role in managing ISO 27001 controls. This is the part with which many project managers struggle when implementing an ISMS. Information security management decisions are entirely driven by specific decisions made as an outcome of a risk assessment in relation to identified risks and specific information assets. Therefore it is imperative that a thorough risk assessment is being undertaken and no risk is left unexplored. Risk assessment enables expenditure on controls to be balanced against the business harm likely to result from security failures.

IT Governance Ltd, the global leader in information security products and services, has developed a risk assessment tool, vsRisk, that automates and accelerates the risk assessment process. It enables project managers to monitor the day-to-day execution and management of the controls as well as generating reports for audit purposes.

Uniquely, vsRisk (www.itgovernance.co.uk/products/744) can assess the confidentiality, integrity and availability for each of the business, legal and contractual aspects of information assets, as required by the ISO 27001 standard. The tool can serve as a day-to-day operational tool, showing at a glance where an organisation stands in its progress towards ISO 27001 compliance. A free trial version can be requested here www.itgovernance.co.uk/iso27001-risk-assessment.aspx

Alan Calder, CEO of IT Governance, comments, “vsRisk reduces the time and cost of undertaking an ISO 27001-compliant risk assessment. It simplifies each step of an ISO 27001 risk assessment, allowing compliance project managers to capture their information security policy and objectives, plus the scope of their information security management system, and undertake a rapid appraisal of all key areas, including groups, assets and owners. ”

vsRisk (www.itgovernance.co.uk/products/744) offers an in-built audit trail, comparative history, comprehensive reporting and gap analysis that radically reduces the manual record keeping traditionally associated with risk assessments. The tool minimises the need for specialist knowledge and significantly undercuts the cost of generalist risk management tools, thus, making ISO27001 compliance achievable for a far wider range of organisations and professionals.

As well as supporting ISO/IEC 27001:2005 and ISO/IEC 27002, vsRisk v1.5 complies with BS7799-3:2006, ISO/IEC 27005, NIST SP 800-30 and the UK’s Risk Assessment Standard.

vsRisk is produced by Vigilant Software, the specialist software subsidiary of IT Governance and can be purchased online from www.itgovernance.co.uk/products/744.