February, 2019 Newsletter Articles

Risk Management Principles

Feb 1, 2019 in Newsletter

As mentioned in the earlier Risk Terminology article, the purpose of risk management is the creation and protection of value. It improves performance, encourages innovation and supports the achievement of objectives. ISO 31000:2018, “Risk Management – Guidance”, describes eight principles that provide guidance on the characteristics of effective and efficient risk management, communicating its value, and explaining its intention and purpose. These principles are the foundation for managing risk and should be...

Risk Management Terminology

Feb 1, 2019 in Newsletter

According to ISO 31000:2018, risk management is the coordination of the activities that direct and control the risks faced by an organization. The purpose of risk management is to create and protect value. It improves performance, encourages innovation, and supports the achievement of objectives. Organizations of all types and sizes must deal with external and internal factors that make it uncertain whether they will achieve their objectives. Managing risk is an iterative process and helps organizations to set strategy, achieve...

Risk Management Framework

Feb 1, 2019 in Newsletter

The purpose of the risk management “framework” described in ISO 31000:2018 is to help the organization integrate risk management into its significant activities and functions. The effectiveness of risk management depends on its integration into the governance of the organization, including decision-making, which requires support from top management. Framework development includes 1) integrating, 2) designing, 3) implementing, 4) evaluating, and 5) improving risk management across the organization. 1....

Risk Management Process

Feb 1, 2019 in Newsletter

According to ISO 31000:2018, the risk management “process” involves the systematic application of policies, procedures, and practices to the activities of communicating and consulting, establishing the context, and assessing, treating, monitoring, reviewing, recording, and reporting risk. The risk management process should be an integral part of management and decision-making and integrated into the structure, operations, and processes of the organization. It can be applied at strategic, operational, program, or project...

ISO/TS 27008:2019 Published

Feb 1, 2019 in Newsletter

ISO/TS 27008:2019, Edition 1, “Information technology – Security techniques – Guidelines for the assessment of information security controls”, is available and replaces ISO/TR 27008:2011. The new technical specification supports the Information Security Risk Management process referenced in ISO 27001. Information security controls should be fit-for-purpose (appropriate and suitable mitigation of information risks), effective (properly specified, designed, implemented, used, managed and maintained), efficient (delivering net...
