New ISO Standard Aligns Information Security Risk to ERM

Risk management is dogged by too many separate camps, each doing its own thing, calling it risk management, and oblivious to the different ways the other camps manage risk. It is hence very pleasing to see that ISO and IEC appear to be making serious and concerted efforts to increase the consistency of their risk management guidance. ISO/IEC 27005:2011 is their recently revised standard for information security risk management. In this press release, Alan Calder, CEO of IT Governance, said the following about the new 27005 standard:

"…it is aligned with the risk management standard ISO 31000, which makes it easier to integrate Enterprise Risk Management approaches with information security risk management."

Managing risk well requires a comprehensive and fair understanding of all the risks faced by the business, not just those one camp happens to own. The progress being made by ISO and IEC is leading the risk profession in the right direction.

Eric Priezkalns (http://revenueprotect.com)

Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), an association of professionals working in risk management and business assurance for communications providers. RAG was founded in 2003 and Eric was appointed CEO in 2016.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press.
