20.5k unique visitors in the last 3 days

New ISO Standard Aligns Information Security Risk to ERM

Risk management is dogged by too many separate camps, doing their own thing, calling it risk management, and oblivious to the different way that other camps manage risk. It is hence very pleasing to notice that ISO and IEC appear to be making serious and concerted efforts to increase the consistency of their risk management guidance. ISO/IEC 27005: 2011 is their recently revised standard for information security risk management. In this press release, Alan Calder, CEO of IT Governance, said the following about the new 27005 standard:...it is aligned with the risk management standard ISO31000, which makes it easier to integrate Enterprise Risk Management approaches with information security risk management.Managing risk well necessitates a comprehensive and fair understanding of all the risks faced by the business. The progress being made by ISO and IEC is leading the risk profession in the right direction.

Risk management is dogged by too many separate camps, doing their own thing, calling it risk management, and oblivious to the different way that other camps manage risk. It is hence very pleasing to notice that ISO and IEC appear to be making serious and concerted efforts to increase the consistency of their risk management guidance. ISO/IEC 27005: 2011 is their recently revised standard for information security risk management. In this press release, Alan Calder, CEO of IT Governance, said the following about the new 27005 standard:

…it is aligned with the risk management standard ISO31000, which makes it easier to integrate Enterprise Risk Management approaches with information security risk management.

Managing risk well necessitates a comprehensive and fair understanding of all the risks faced by the business. The progress being made by ISO and IEC is leading the risk profession in the right direction.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email