Risk Management Software and ISO 17799 / ISO 27000
ISO 17799 / ISO 27000 require risk management
ISO 17799 (renamed ISO/IEC 27002 in 2007) is a code of practice for information security management; the ISO 27000 series, with ISO/IEC 27001 (the successor of BS 7799-2) as its certifiable standard, describes the information security management system (ISMS) framework that must be applied.
ISO 17799 / ISO 27000 require an organisation to define and document its approach to information security risk management.
That approach consists of three elements: risk identification and assessment, a risk treatment plan, and risk treatment. In ISO 17799 / ISO 27000 they mean:
- Risk identification and assessment: ISO 17799 / BS 7799 (now ISO/IEC 27001) require the organisation to justify the appropriateness of the chosen assessment approach, tools and techniques. The following risk assessment details should be documented:
  - the valuation of the assets
  - identification of risks (threats and vulnerabilities)
  - assessment of the likelihood and consequences of the risks occurring
  - risk calculation (the risk rating derived from likelihood and consequence)
- Risk treatment plan: The risk treatment plan coordinates the treatments that reduce risks and the controls required to protect information. For each risk it records the decision whether to accept it, transfer it, avoid it, or reduce its likelihood or consequence. It further documents the selected risk treatment methods, the controls (those already in place and those proposed), and the schedule for implementing treatments and controls.
- Risk treatment: Risk treatment is the step in which all treatments and controls set out in the risk treatment plan are implemented.
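The three elements above map naturally onto a risk register: one row per identified risk, a likelihood and consequence rating, a calculated score, and a treatment decision with its controls and expected residual score. The following Python block is an added illustration of that data model and of the consistency checks an auditor would run against a treatment plan; it is not code from this page or from Enterprise Risk Register®. The five-step scales, the risk appetite threshold of 6, and the sample register rows are assumptions constructed for the example, because ISO 27001 leaves the scales and the methodology for the organisation to define and justify.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Qualitative scales. Constructed for this example; an organisation must define
# and justify its own scales and assessment method under ISO 27001.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
CONSEQUENCE = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
TREATMENTS = {"accept", "reduce", "transfer", "avoid"}
RISK_APPETITE = 6  # assumed threshold: scores above this need a treatment decision


@dataclass
class Risk:
    """One row of the risk register; fields follow the assessment items in the text."""
    risk_id: str
    asset: str
    asset_value: int                 # 1..5 valuation of the asset
    threat: str
    vulnerability: str
    likelihood: str
    consequence: str
    treatment: Optional[str] = None  # decision recorded in the risk treatment plan
    controls: List[str] = field(default_factory=list)
    residual_likelihood: Optional[str] = None    # expected once controls are in place
    residual_consequence: Optional[str] = None


def score(likelihood: str, consequence: str) -> int:
    """Risk calculation: likelihood rating multiplied by consequence rating."""
    return LIKELIHOOD[likelihood] * CONSEQUENCE[consequence]


def inherent_score(risk: Risk) -> int:
    return score(risk.likelihood, risk.consequence)


def residual_score(risk: Risk) -> int:
    """Score expected after the chosen treatment has been implemented."""
    if risk.treatment == "avoid":
        return 0  # the activity is stopped, so the risk no longer applies
    if risk.treatment in ("reduce", "transfer"):
        return score(risk.residual_likelihood or risk.likelihood,
                     risk.residual_consequence or risk.consequence)
    return inherent_score(risk)  # accepted, or no decision yet


def check_treatment_plan(register: List[Risk]) -> List[str]:
    """Findings an auditor would raise against the risk treatment plan."""
    findings = []
    for r in register:
        inh, res = inherent_score(r), residual_score(r)
        if r.treatment is not None and r.treatment not in TREATMENTS:
            findings.append(f"{r.risk_id}: unknown treatment '{r.treatment}'")
        if inh > RISK_APPETITE and r.treatment is None:
            findings.append(f"{r.risk_id}: score {inh} exceeds appetite but has no treatment decision")
        if r.treatment == "accept" and inh > RISK_APPETITE:
            findings.append(f"{r.risk_id}: accepting score {inh} above appetite needs documented approval")
        if r.treatment in ("reduce", "transfer") and not r.controls:
            findings.append(f"{r.risk_id}: treatment '{r.treatment}' lists no controls")
        if r.treatment in ("reduce", "transfer") and res > RISK_APPETITE:
            findings.append(f"{r.risk_id}: residual score {res} still exceeds appetite")
    return findings


def register_report(register: List[Risk]):
    """(id, asset, inherent score, treatment, residual score), highest inherent score first."""
    rows = [(r.risk_id, r.asset, inherent_score(r), r.treatment, residual_score(r)) for r in register]
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed sample register; the entries are illustrative, not real assessment data.
SAMPLE_REGISTER = [
    Risk("R1", "customer database", 5, "external attacker", "unpatched web application",
         "likely", "severe", treatment="reduce",
         controls=["patch management", "web application firewall"],
         residual_likelihood="unlikely", residual_consequence="severe"),
    Risk("R2", "laptops", 3, "theft", "no disk encryption", "possible", "major",
         treatment="reduce", controls=[],
         residual_likelihood="possible", residual_consequence="minor"),
    Risk("R3", "office printer", 1, "hardware failure", "no maintenance contract",
         "possible", "negligible", treatment="accept"),
    Risk("R4", "backup tapes", 4, "loss in transit", "unencrypted media",
         "unlikely", "severe"),
]

if __name__ == "__main__":
    for row in register_report(SAMPLE_REGISTER):
        print(row)
    for finding in check_treatment_plan(SAMPLE_REGISTER):
        print("FINDING:", finding)
```

Running the block on the sample register flags R1 (residual score still above appetite even with the controls), R2 (a "reduce" decision with no controls listed) and R4 (above appetite with no decision recorded), while R3 passes because accepting a low score is within the assumed appetite. Those are exactly the gaps that documenting the plan, as the standard requires, is meant to expose.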
Enterprise Risk Register® and ISO 17799 / ISO 27000
Enterprise Risk Register® is software that assists you in meeting the risk management requirements of ISO 17799 / ISO 27000. It allows you to collect, assess and report risks, and to respond to them by implementing and managing appropriate treatments.
Enterprise Risk Register® collects all risks identified during your security management in a single risk log, or risk register. This gives consistency across the ISO 17799 project and, if required, the entire organisation.
Enterprise Risk Register® supports qualitative risk assessments and lets you record, sort and filter risks by any of their characteristics.
Enterprise Risk Register® also records the treatments assigned to each risk and analyses the effect of implementing them, so that the reduction in risk achieved can be demonstrated.