La norma ISO 27001 e ISO 31000: gestión de riesgos en las organizaciones

Risk mainly formed by 2 factors: threat and vulnerability is considered in organizations like a critical success factor that can affect in many ways the organization endangering business operations, or assets and critical information that is necessary by the organization every day to subsist, both standards ISO 27001 and ISO 31000 try to manage the risk in organizations, the standard ISO 27001 implements an ISMS (Information security management system), the standard ISO 31000 implements a Risk Management System that should be compatible with risk management of any particular sector. As we can see both standards try to manage the risk, the mainly difference between the 2 standards is that the standard ISO 27001 is specialized in the identification and treatment of risks that compromise the information or the critical information assets of the organization, other clear difference is that the standard ISO 27001 is certifiable, it means that there are independent certification entities that check that the information security is managed correctly inside the organization, and ISO 31000 is not certifiable, it means that there are not external entities that check the correct implementation of the standard inside the organization. In this article will be analyzed the business motivations, and the technical motivations in an enterprise to implements each standard.

...