“Risk management is the central idea of ISO 27001. And, the way ISO 27001 tells you to achieve this tailor-made suit is to perform risk assessment and risk treatment.” This book, ISO 27001 Risk Management in Plain English, is a quick read for people who are focused solely on risk management. It has one aim in mind: to give you the knowledge and practical step-by-step process you need to successfully implement ISO 27001 risk assessment and treatment – without struggle, stress, or headaches.

ISO 27001 Risk Management in Plain English is written primarily for beginners in this field and for people with moderate knowledge about risk assessment and treatment. It is structured in such a way that someone with no prior experience or knowledge about information security can quickly understand what it is all about, and how to implement the whole risk management project. However, if you do have experience with ISO 27001, but feel that you still have gaps in your knowledge, you’ll also find this book very helpful.

This book will give you a complete overview of risk management according to ISO 27001. It will also explain the differences between risk management in ISO 27001 and other risk-oriented standards, such as ISO 27005 and ISO 31000. You will learn the five main steps in the risk management process, the purpose of risk assessment, and how to perform it.

“In my experience, the employees (and the organization as a whole) are usually aware of only 25 to 40% of risks,” says author Dejan Kosutic. “Therefore, a thorough and systematic process needs to be carried out to find out everything that could endanger the confidentiality, integrity, and availability of their information.”

This book will serve as your complete guide to ISO 27001 risk management. From the simple explanation of requirements, steps in risk management, development of methodology, and which documents are required for risk management – you will quickly see that this is the only book you’ll ever need on the subject.