How is risk assessment related to ISO/IEC 27001?
Selecting the right set of controls requires the use of a risk assessment-based approach. This approach is a mandatory part of the PLAN (identify, analyze and evaluate the risks), DO (select, implement, and use controls to manage the risks to acceptable levels), CHECK, and ACT cyclic process defined in ISO/IEC 27001 for the establishment, implementation, and maintenance of an ISMS.