New ISO Standard Aligns Information Security Risk to ERM

Risk management is dogged by too many separate camps, each doing its own thing, calling it risk management, and oblivious to the different ways that other camps manage risk. It is hence very pleasing to see that ISO and IEC appear to be making serious and concerted efforts to increase the consistency of their risk management guidance. ISO/IEC 27005:2011 is their recently revised standard for information security risk management. In a press release announcing it, Alan Calder, CEO of IT Governance, said the following about the new 27005 standard:

…it is aligned with the risk management standard ISO31000, which makes it easier to integrate Enterprise Risk Management approaches with information security risk management.

Managing risk well necessitates a comprehensive and fair understanding of all the risks faced by the business. The progress being made by ISO and IEC is leading the risk profession in the right direction.

Eric Priezkalns
Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.

Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a member of Qatar's National Committee for Internet Safety and the first leader of the TM Forum's Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.

Commsrisk is edited by Eric.