Information security risk management is the process of identifying, analysing, evaluating, and treating risks associated with the loss of confidentiality, integrity and availability of the organisation’s information assets.

What are the risk management requirements of ISO 27001?

ISO/IEC 27001:2013 (ISO 27001) is the leading international information security management system standard and one of its key features is that it is risk-based. The implementation of controls (technical measures, policies, processes etc.) is not prescriptive but is determined by an information risk assessment taking into account the organisation’s risk appetite and the information it is seeking to protect.

ISO 27001 clearly states in Clauses 6.1 what actions it expects an organisation to take in addressing risks. These actions include defining and applying processes for both assessing and treating information security risks. Further requirements around the operation of risk assessment and treatment are also specified in Clauses 8.2 and 8.3.

What is information security risk management software?

Information risk management software supports organisations by automating some of the processes involved and helping to identify, analyse and evaluate risks to an organisation’s information assets in a uniform, predetermined approach. The end result is that the process for assessing and managing all information risks is identical and risks can be treated based on the organisation’s risk appetite.

Download Abriska 27001 Product Sheet

We were impressed with the implementation and management of the Abriska tool. The service we have received is of a high quality due to the Team’s attention to detail, proactiveness and implementation of enhancement requests from the dev side. The Board is also impressed with the tool and is looking to complete an organisation-wide implementation soon. We will definitely recommend other charity contacts to use the tool, as it is well priced and comes with excellent customer service.

Masonic Charitable Foundation