Cyber Security: Risk Management - In Context of ISO 2700X
Information systems are ubiquitous today in all businesses. The security of these systems must protect
them from many threats of various origins. Risk management can determine, based on the vulnerability of the system, its
criticality with respect to each of these threats. It then makes it possible to propose the necessary and sufficient solutions to reduce the
risks to an acceptable residual level.
The purpose of this article is to discuss the issue of cybersecurity within an organization and to analyze risk management
activities across selected ISO standards to provide the basis for improving risk management in information systems. We then
discuss the different methodologies and tools for evaluating and managing the risks associated with information and its
processing. We also present an example of risk assessment and risk management based on the ISO 27001 set. The results of this
research indicate that successful risk management helps protect the information system against cyber-attacks.
Keywords - Cyber Security, Risk Management, ISO Standards, Mehari, EBIOS, Risk Analysis, Standard Organisation,
Information Security, ISO 27001.