Security Policy: Difference between revisions

Line 94:

#Ensures that repeated information security risk assessments produce consistent, valid and comparable results;

#Identifies the information security risks: (a) apply the information security risk assessment process to identify risks associated with the loss of confidentiality, integrity and availability for information within the scope of the information security management system; and (b) identify the risk owners;

#Analyses the information security risks: (a) assess the potential consequences that would result if the risks identified ~~in 6.1.2 c) 1)~~ were to materialize; (b) assess the realistic likelihood of the occurrence of the risks identified ~~in 6.1.2 c) 1)~~; and (c)determine the levels of risk;

#Analyses the information security risks: (a) assess the potential consequences that would result if the risks identified were to materialize; (b) assess the realistic likelihood of the occurrence of the risks identified; and (c)determine the levels of risk;

#Evaluates the information security risks: (a) compare the results of risk analysis with the risk criteria established ~~in 6.1.2 a)~~; and (b) prioritize the analysed risks for risk treatment.

#Evaluates the information security risks: (a) compare the results of risk analysis with the risk criteria established; and (b) prioritize the analysed risks for risk treatment.

The organization shall retain documented information about the information security risk assessment process.

@@ Line 94: / Line 94: @@
 #Ensures that repeated information security risk assessments produce consistent, valid and comparable results;
 #Identifies the information security risks: (a) apply the information security risk assessment process to identify risks associated with the loss of confidentiality, integrity and availability for information within the scope of the information security management system; and (b) identify the risk owners;
-#Analyses the information security risks: (a) assess the potential consequences that would result if the risks identified in 6.1.2 c) 1) were to materialize; (b) assess the realistic likelihood of the occurrence of the risks identified in 6.1.2 c) 1); and (c)determine the levels of risk;
+#Analyses the information security risks: (a) assess the potential consequences that would result if the risks identified were to materialize; (b) assess the realistic likelihood of the occurrence of the risks identified; and (c)determine the levels of risk;
-#Evaluates the information security risks: (a) compare the results of risk analysis with the risk criteria established in 6.1.2 a); and (b) prioritize the analysed risks for risk treatment.
+#Evaluates the information security risks: (a) compare the results of risk analysis with the risk criteria established; and (b) prioritize the analysed risks for risk treatment.
 The organization shall retain documented information about the information security risk assessment process.

Security Policy: Difference between revisions

Navigation menu

Search