New ISO Standard Aligns Information Security Risk to ERM

Risk management is dogged by too many separate camps, each doing its own thing, calling it risk management, and oblivious to the different ways the other camps manage risk. It is hence very pleasing to see that ISO and IEC appear to be making serious and concerted efforts to increase the consistency of their risk management guidance. ISO/IEC 27005:2011 is their recently revised standard for information security risk management. In this press release, Alan Calder, CEO of IT Governance, said the following about the new 27005 standard:

…it is aligned with the risk management standard ISO31000, which makes it easier to integrate Enterprise Risk Management approaches with information security risk management.

Managing risk well necessitates a comprehensive and fair understanding of all the risks faced by the business. The progress being made by ISO and IEC is leading the risk profession in the right direction.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.