Information Security Strategy & Risk Management: a conceptual guide using iso frameworks
Muhammed, Ifthiquar Hussain (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025053018410
Abstract
As digital systems have become more complex and more connected, organizations have faced growing pressure to manage information security risks in a planned and proactive way. To support this, a practical guide was created to help professionals and decision makers understand how to create an information security strategy and apply an information security risk management plan in line with the ISO/IEC 27005:2018 standard. The objective of the study was to establish how information security risks are identified, assessed, treated and monitored in a professional context.
The work was done by studying ISO/IEC 27001:2013, ISO/IEC 27005:2018 and ISO/IEC 27001:2022 closely and applying their guidance in practice. The information security strategy and risk management process was analyzed in detail and restructured for comprehensibility. This involved a systematic breakdown and rephrasing of each stage, from the initial assessment to the final review, to improve the clarity and accessibility of the information. The approach is intended for organizations that want to improve their security by aligning their practices with the ISO frameworks.
The study found that following the standard process led to better decision making, stronger alignment with business goals and an improved ability to respond to changing threats. It also showed that communication between stakeholders and regular updates to risk assessments are important for keeping the risk picture current.
In conclusion, ISO/IEC 27005:2018 proved to be a valuable foundation for managing information security risks, especially when supported by strong internal communication and ongoing evaluation. When applied as an ongoing practice rather than a checklist, the framework helped organizations prepare for the challenges of a rapidly changing digital landscape.