A blog about GRC (Governance, Risk Management, and Compliance)

How does the ISO 27001:2013 affect your risk management process?

Monday, 29 July 2019 / by Jakob Holm Hansen under ISO Standard and Certification, Risk Management

ISO / IEC 27001 was introduced in 2005 and has become a very popular international standard. Now ISO 27001 is being revised and a new version is due later in 2013. I’ve looked at the changes before and outlined the main differences between the old and the new version.


Risk Assessments - What are they for?

Monday, 27 June 2016 / by Jakob Holm Hansen under Risk Management

It is now considered good practice to perform risk assessments - or at very least to acknowledge that they should be done.

Unfortunately, far too often we see businesses conduct risk assessments only to satisfy a compliance requirement or some other external requirement (audit, contract, statute, etc.). If you are lucky, you might have the resources to conduct one once a year.

Typically, you conduct your risk assessment, speak with your organisation and finally submit a fancy report. And then your "project" is done. However, it would be wrong to consider the risk assessment a project. A risk assessment should be a process: one that involves feedback and continual adjustment.


Risk assessment is a process - 3 reasons to do it again (and again)

Friday, 10 July 2015 / by Jakob Holm Hansen under Risk Management

Information security risk assessments are an integral part of managing information security. Unfortunately, it is not uncommon for businesses to consider risk assessment as something they need to get over with in order to meet certain requirements. 


Six questions about the ISO 27001 revision (with answers)

Tuesday, 30 April 2013 / by Jakob Holm Hansen under Risk Management, ISO Standards & Certification

How does the ISO 27001 revision impact your risk management?


GRC blog

The NorthGRC blog offers advice and knowledge of effective information security management, security strategies, risk management, compliance with information security standards and other requirements, business continuity planning, ISO2700x, EU Data Protection Regulation, PCI DSS, etc.
