ISO/IEC 27005:2011-EN

ISO/IEC 27005:2011英文版BS|So/EC27005:201
so/EC27005:2011E
9.2 Risk modification
22
9. 3 Risk retention
面BB1面面
9.4
Risk avoidance
9.5 Risk sharing
10 Information security risk acceptance..
24
11
Information security risk communication and consultation
24
12
Information security ris k monitoring and review
25
12.1 Monitoring and review of risk factors
25
12.2 Risk management monitoring, review and improvement.....
26
Annex A(informative )Defining the scope and boundaries of the information security risk
management process
A1 Study of the organization..
28
A2 List of the constraints affecting the organization..
A3 List of the legislative and regulatory references applicable to the organization
31
A.4
List of the constraints affecting the scope
Annex B (informative) Identification and valuation of assets and impact assessment
量国
面面国
33
B. 1 Examples of asset identification
33
B.1.1 The identification of primary assets
33
0m-0sz
B12 List and description of supporting assets……………
34
B.2 Asset va| uation.…
38
B3 Impact assessment............
n41
Annex C (informative)Examples of typical threats
42
Annex D (informative) Vulnerabilities and methods for vulnerability assessment.....
D1 Examples of vulnerabilities
45
D2 Methods for assessment of technical vulnerabilities
n…48
Annex E(informative)Information security risk assessment approaches
50
E.1 High-level information security risk assessment.………
50
E2 Detailed information security risk assessment...-.............
E22 Example2 Ranking of Threats by Measures of RisK.………
51
E.2.1 Example 1 Matrix with predefined values
52
E.2.3 Example 3 Assessing a value for the likelihood and the possible consequences of risks... 54
Annex F(informative) Constraints for risk modification..
面
56
Annex G(informative) Differences in definitions between ISO/EC 27005: 2008 and ISo/EC
27005:2011
58
Bibliography
68
O ISO/EC 2011-All rights reserved

BS ISO/EC27005:2011
ISO/EC270