5.4.1.1 General
The requirements stated in ISO/IEC 27001:2013, 6.1.1 along with the interpretation specified in 5.1, apply.
5.4.1.2 Information security risk assessment
ISO/IEC 27001:2013, 6.1.2 c) 1) is refined as follows:
The organization shall apply the information security risk assessment process(es) to identify risks associated
with the loss of...
5.4.1.3 Information security risk treatment
ISO/IEC 27001:2013, 6.1.3 c) is refined as follows:
The controls determined in 6.1.3 b) of ISO/IEC 27001:2013 shall be compared with those in ISO/IEC
27001:2013, Annex A and/or...