Neelov Kar, PM Game

The ISO 27001:2013 standard has changed quite a bit from the previous version of the standard from 2005. One of the significant changes is how risk management is defined. The presenter is a certified lead auditor for the ISO 27001:2013 standard and has performed over 50 audits against this standard in the last two and a half years. His impression is that people in the industry are still struggling to interpret this aspect as described in Clause 6.1 of the standard. This presentation will explain how risk management and the Annex A controls are closely tied to each other. When an organization builds an Information Security Management System (ISMS) to protect its data and information, it selects from Annex A the specific controls that are applicable to the organization. Every included control is intended to build a specific shield that protects data or information against a specific risk. In other words, in the absence of that specific shield the organization is exposed to that specific danger, which can bring harm to its data or information. The author plans to use examples to illustrate this concept.