NEN 7799-3
Information security manmagement systems - Part 3: Guidelines for information security risk management (BS 7799-3:2006)
| Organization: | NEN |
| Publication Date: | 1 September 2006 |
| Status: | inactive |
| Page Count: | 60 |
| ICS Code (Information coding): | 35.040 |
| ICS Code (Information technology (IT) in general): | 35.020 |
scope:
This Standard gives guidance to support the requirements given in ISO/IEC 27001:2005 regarding all aspects of an ISMS risk management cycle. This cycle includes assessing and evaluating the risks, implementing controls to treat the risks, monitoring and reviewing the risks, and maintaining and improving the system of risk controls. The focus of this standard is effective information security through an ongoing programme of risk management activities. This focus is targeted at information security in the context of an organization's business risks. The guidance set out in the British Standard is intended to be applicable to all organizations, regardless of their type, size and nature of business. It is intended for those business managers and their staff involved in ISMS (Information Security Management System) risk management activities.
Document History
