Category InfoSec

What is the risk approach in ISO 27001?

The international standard for information security, ISO 27001, was an early adopter of the risk-based approach to management systems. Since then, influenced by Annex SL, all modern management systems include risks and opportunities in clause 6. But why is risk…