Welcome to the first edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to 17799 and information security. The newsletter will comprise a combination of inclusive articles and the identification of useful and topical sources on the web.
This initial edition covers:
COMPLYING WITH ISO17799 - RISK ANALYSIS
A common theme throughout ISO17799 is the requirement for security risk analysis.
Finding good source material for this is not always straightforward... hopefully The ISO27000 Newsletter can help. Although there is a myriad of sites on this topic, we have produced one which explains the theory and base methodology for most major approaches: Security Risk Analysis
One recommendation worth contemplating with respect to risk: establish the relationship between risk analysis and compliance with security policy (and indeed the standard) at the outset. Both of these elements are fundamental to your security profile and must complement each other to be fully effective.
Giving proper thought now to how they will interact may well pay dividends later.