Security risk assessment and information security policies

Risk Analysis and Information Security Policies

Security risk analysis is described as a process to ensure that the security controls for a system are fully commensurate with its risks. Within this process, however, it is simply common sense to mandate a baseline: a minimum level of security beneath which the organization must not fall.

This is the major role of security policies: they are the published and recorded minimum set of controls mandated throughout the enterprise.


Policies and risk analysis should exist side by side and should complement each other. Consideration should also be given to the wider role of security policies, for example in relation to security standards such as ISO 17799.

To assist in the task of producing or maintaining a comprehensive set of security policies, we have identified the following specialist portals:

Security Risk Assessment


Copyright 2001 Security Risk Associates