ISO/IEC 27005 is the international standard that provides guidelines for information security risk management. It outlines what a risk assessment process needs to include: an iterative approach to risk assessment, the available risk treatment options, communication and consultation with interested parties, monitoring and review of the risk management process, and documentation of the risk management process and its results. It does not, however, prescribe a particular risk assessment methodology or a fixed set of steps; it leaves the choice of method to the organisation and instead describes how risk management fits into the organisation's business processes.
Vigilant Software's vsRisk is a tool designed to help organisations produce a consistent, repeatable risk assessment. It is aligned with ISO 27001 and can generate six audit-ready reports, including the risk treatment plan and the Statement of Applicability.