ISO/IEC 27001:2013 ISMS Risk Management

ISO/IEC 27001:2013 ISMS risk management covers the organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources of the management system.

ISO 27001 (Information Security Management System) is a standard that can be applied to organizations of all sectors and sizes.

This standard covers the requirements to establish, implement, monitor, review, maintain and improve a documented ISMS in the context of all business risks of the organization.

Protection is achieved by informing individuals about the threats and risks related to information security, about the corporate information security policies and rules, about how to counter these threats and how to keep the residual risk at the lowest achievable level, and by putting physical and system-level precautions in place.

Adopting an Information Security Management System should be a strategic decision for an organization. The design and implementation of the management system are influenced by the organization's needs and objectives, its security requirements, the processes it uses, and its size and structure.

With ISO 27001, organizations determine the security controls they will apply. In this article, we list the documents that you may need.

The risk management activities listed below are carried out in order to take the measures needed to uphold the principles of confidentiality, integrity and availability for every process and asset within the scope of information security management. The aim is to keep the risk level of each asset below the acceptable risk level.

Risk management and the implementation of controls are continuous activities, and improvements are pursued for any risk that is not yet below the acceptable risk level.

Some of the related documents

  • Asset Inventory Preparation and Management Procedure.
  • Risk Assessment Procedure.
  • Network Devices Security Procedure.
  • Network Management Procedure.
  • Information Technology Technical Equipment Maintenance Procedure.
  • Wireless Communication Procedure.
  • Authentication and Authorization Procedure.
  • Procedure for Detecting Vulnerabilities.
  • Information Systems Acquisition, Development and Compliance Procedure.
  • General Use of Information Systems Procedure.
  • Email Procedure.
  • Anti-Virus Usage Procedure.
  • Internet Usage Procedure.
  • Encryption Procedure.
  • Change Management Procedure.
  • Portable Storage Device Usage Procedure.
  • Building Security Procedure.
  • Database Security Procedure.

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. This regulation replaces the EU Data Protection Directive.