Whilst ISO 27001 covers information security management systems as a whole, BS7799-3 focuses solely upon risk, covering:

• the evaluation of risk
• implementation of controls to address risk
• monitoring of identified risks
• maintenance of the control management system.

BS7799-3 is organized into the following sections:

• Scope
• Normative references
• Definition of terms
• Risk in the organization context
• Risk assessment
• Risk decision making
• On going risk management

The new standard itself is available for the usual BSI outlet: BS-7799

Or as part of a special BS7799 edition of the ISO 17799 Toolkit: Here

Although it is early days, for further information on BS7799-3, the following general reference site may assist: BS7799 Explained

Write Comment
Please keep the topic of messages relevant to the subject of the article. Personal verbal attacks will be deleted. Please don't use comments to plug your web site.. Such material will be removed.
Name:
Title:
Comment:
Code:*

Powered by AkoComment!