
Risk Assessment

Annex H

(informative)

H. Bibliography

H.1 ASIS International Publications

ANSI/ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness and Continuity Management Systems — Requirements with Guidance for Use

H.2 ISO Standards Publications

ISO Guide 72:2001, Guidelines for the justification and development of management system standards

ISO Guide 73:2009, Risk management — Vocabulary

ISO 9000:2009, Quality management systems — Fundamentals and vocabulary

ISO/IEC 13335-1:2004, Information technology — Security techniques — Management of information and communications technology security — Part 1: Concepts and models for information and communications technology security management

ISO 19011:2011, Guidelines for quality and/or environmental management systems auditing

ISO 31000:2009, Risk management — Principles and guidelines

ISO/IEC 31010:2009, Risk management — Risk assessment techniques
