Information security protects information held by organizations from a wide range of threats, to ensure business continuity, minimise business damage and maximise return on investment and business opportunities. BSI’s range of publications and standards will help you implement an effective Information Security Management System.
Identifying, evaluating, treating and managing information security risks are key processes if businesses want to keep their information safe and secure. Whilst these processes are specified in the information security standard BS ISO/IEC 27001:2005, further guidance is required on how to manage these risks and how to put them into context with other business risks.
BS 7799-3:2006 provides this guidance and covers:
- risk assessment
- risk treatment
- management decision making
- risk re-assessment
- monitoring and reviewing of risk profile
- information security risk in the context of corporate governance
- compliance with other risk-based standards and regulations.
Coming soon: BS 25777, Code of practice for ICT continuity