Hi John
For Risk Assessment & Risk Treatment - I would recommend that you have
a look at BS7799 (http://www.bsi-global.com/Global/bs7799.xalter).
You can get some basic information for starters here:
http://www.gammassl.co.uk/bs7799/
http://www.gammassl.co.uk/bs7799/works.html
On 6/2/05, Andrew Rogers <andrew.rogers@optusnet.com.au> wrote:
I am looking for case studies, white papers and experiences of
people who have implemented information risk management processes in their
organization.
I would be glad to have discussions on RA, RT( based on experiences of
list members including me); and anything specific to the standard as
well.
Cheers,
Karan
On 6/2/05, Andrew Rogers <andrew.rogers@optusnet.com.au> wrote:
John,
Hi there.
Chapter four of ACSI33 (Australian Government Information and Communications
Technology Security Manual) [
http://www.dsd.gov.au/library/infosec/acsi33.html ] Deals with risk
management. - It's not a long read, but it does cover it and reference where
it is that they've drawn the guidelines from.
Hope that helps.
Andrew
-----Original Message-----
From: John Blackley [mailto:jblackley@sysmatrix.net]
Sent: Saturday, 28 May 2005 6:44 AM
To: security-management@securityfocus.com
Subject: Information Risk Management
Folks,
I want your help in finding information on risk management as it's applied
through information security to I/T.
I'm not looking for theory or Powerpoint presentations with multi-colored
circles. I am looking for case studies, white papers and experiences of
people who have implemented information risk management processes in their
organization.
I appreciate anything you can direct me to and I'll be happy to share
anything of quality that I find.
John A Blackley
