BS ISO/IEC 27005:2011 Information technology - Security techniques - Information security risk management.
3.12
risk communication and consultation
continual and iterative processes that an organization conducts to provide, share or obtain information, and to engage in dialogue with stakeholders (3.18) regarding the management of risk (3.9)
[ISO Guide 73:2009]
NOTE 1 The information can relate to the existence, nature, form, likelihood, significance, evaluation, acceptability and treatment of risk.
NOTE 2 Consultation is a two-way process of informed communication between an organization and its stakeholders on an issue prior to making a decision or determining a direction on that issue. Consultation is:
- a process which impacts on a decision through influence rather than power; and
- an input to decision making, not joint decision making.
3.13
risk criteria
terms of reference against which the significance of a risk (3.9) is evaluated
[ISO Guide 73:2009]
NOTE 1 Risk criteria are based on organizational objectives, and external and internal context.
NOTE 2 Risk criteria can be derived from standards, laws, policies and other requirements.
3.14
risk evaluation
process of comparing the results of risk analysis (3.10) with risk criteria (3.13) to determine whether the risk and/or its magnitude is acceptable or tolerable
[ISO Guide 73:2009]
NOTE Risk evaluation assists in the decision about risk treatment.