This Slideshare presentation is a partial preview of the full business document. To view and download the full document, please go here:
http://flevy.com/browse/business-document/iso-27001-2013-clauses-v3-0-module-04clause-6-2572
BENEFITS OF DOCUMENT
1. Learn about ISO 27001 2013 practices.
DOCUMENT DESCRIPTION
This module covers Clause 6 (Planning) of ISO 27001:2013.
2. 6.1 Actions to address risks and opportunities
6.1.1 General
When planning for the ISMS, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2.
3. 6.1.2 Information security risk assessment
The organization shall define and apply an infosec risk assessment process that:
a) establishes and maintains information security risk criteria that include:
1. the risk acceptance criteria; and
2. criteria for performing information security risk assessments;
b) ensures that repeated information security risk assessments produce consistent, valid and comparable results;
4. 6.1.2 Information security risk assessment (contd.)
e) evaluates the information security risks:
1. compare the results of risk analysis with the risk criteria established in 6.1.2 a);
2. prioritize the analyzed risks for risk treatment.
• Mandatory documented information: infosec risk assessment process
5. 6.1.3 Information security risk treatment (contd.)
Note 2: Control objectives are implicitly included in the controls chosen. Control objectives and controls listed in Annex A are not exhaustive, and additional control objectives and controls may be needed.
6. 6.1.3 Information security risk treatment (contd.)
• Mandatory documented information: infosec risk treatment process
Note: The infosec risk assessment and treatment process in ISO 27001 aligns with the principles and generic guidelines provided in ISO 31000.
7. Any Questions?
Thank You