British Standards contain the combined knowledge of experienced UK subject experts often working together with their international colleagues in an open, consensus-based process.
You can read a description of these standards and some other relevant publications that are available from BSI or other organizations below:
| Standard number/name | Description/Benefits | Published by |
|---|---|---|
| BS ISO/IEC 27005 Information security risk management | This is a supporting standard to BS ISO/IEC 27001. It has an annex describing a number of risk assessment approaches that are consistent with ISO/IEC 27001. If you take an asset-threat-vulnerability approach, it has annexes that will help you identify potentially applicable types of assets, threats and vulnerabilities. | BSI |
| Information Security Risk Management handbook | BSI publishes an Information Security Risk Management handbook. Although it is based on superseded versions of ISO/IEC 27001 and ISO/IEC 27005, most of its content is version-independent and remains valid. It includes annexes listing potential assets, threats and vulnerabilities. | BSI |
| BIP0139 An Introduction to ISO 27001:2013 | BSI's Introduction to ISO 27001:2013 includes an example of a practical, easy-to-use risk assessment method suitable for small and medium-sized businesses. | BSI |
| Special Publication SP800-30, Guide for Conducting Risk Assessments | The recommended risk assessment process for US federal information systems is documented in Special Publication SP800-30, Guide for Conducting Risk Assessments, which the US National Institute of Standards and Technology publishes free of charge. It itemises threats and vulnerabilities, but not assets. | US National Institute of Standards and Technology |