This British Standard gives guidance to support the requirements given
in BS ISO/IEC 27001:2005 regarding all aspects of an ISMS risk
management cycle. This cycle includes assessing and evaluating the
risks, implementing controls to treat the risks, monitoring and
reviewing the risks, and maintaining and improving the system of risk
controls.
The focus of this standard is effective information security through an
ongoing programme of risk management activities. This focus is
targeted at information security in the context of an organization’s
business risks.
The guidance set out in this British Standard is intended to be applicable
to all organizations, regardless of their type, size and nature of business.
It is intended for those business managers and their staff involved in
ISMS (Information Security Management System) risk management
activities.
BS 7799-3:2006 history

- 2017: BS 7799-3:2017 Information security management systems - Guidelines for information security risk management
- 2006: BS 7799-3:2006 Information security management systems - Guidelines for information security risk management