
An approach to improving the method of risk assessment according to ISO 27001

As we have discussed, I would like to direct my research dissertation towards developing an improved method of risk assessment according to ISO 27001.

The steps that I would like to follow are as follows:

·        Step 1: Analyze the current risk assessment methods through a literature review with an academic and scientific orientation.
·        Step 2: Examine the risk assessment methods as they are developed by ISO, NIST, SOX, etc., which are more industry/technically oriented.
·        Step 3: According to the findings from Step 1 and Step 2, I will create a combined method of risk assessment, but oriented towards ISO 27001. This method will be based on all the good points mentioned by experts in papers and will incorporate elements from all the standards, such as ISO, NIST, SOX, etc.

Besides this, I will also carry out field research with companies in the ICT, insurance and banking sectors. From the answers and information that I receive from the experts (IT department, CIO, CISO, etc.), I will try to identify the following:

·        Gaps that they face during the risk assessment process
·        Security issues which they are not able to identify through their risk assessment process (i.e. which their risk assessment method does not cover)
·        The method/way in which they implement the risk assessment techniques
·        How do they create a report of findings?
·        How do they make a list of recommendations from their findings?
·        Which are the next steps that they take to treat the findings?
·        Do they treat the findings according to ISO 27001 risk assessment, NIST or any other hybrid (combined) method?
·        Do they use any software tool for recommendations, or only paperwork?

Post Author: admin
