Security requirements are identified by a methodical assessment of security risks. Expenditure on
controls needs to be balanced against the business harm likely to result from security failures.
The results of the risk assessment will help to guide and determine the appropriate management action
and priorities for managing information security risks, and for implementing controls selected to
protect against these risks.
Risk assessment should be repeated periodically to address any changes that might influence the risk
assessment results.
More information about the assessment of security risks can be found in clause 4.1 “Assessing
security risks”.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment