Guide for Information System Security Risk Management

Organizations increasingly need to identify their information security requirements, particularly in order to establish an effective information security management system (ISMS) while complying with the National Directive on Information System Security (DNSSI).

Based on this observation, it is necessary to adopt a systematic approach that is both suited to the organization’s environment and aligned with the organization’s overall risk management strategy.

This guide aims to provide a general overview of the information security risk management process and to describe the steps involved, particularly in support of the requirements defined in ISO/IEC 27001 (those related to the ISMS) and ISO/IEC 27005, which describes risk management for information security.

It is intended for managers and staff involved in risk management for information security within an organization.

In summary, this document describes the activities related to risk management in information security and presents, through a case study, the implementation of the risk management process.

DGSSI 2024. All rights reserved.