The University of SydneyPage 17AS/NZS ISO 31000 –Risk Management Standard–a generic guide for managing risk–https://www.iso.org/obp/ui#iso:std:iso:31000:ed-2:v1:en–What do we learn generic guide of managing risk in Information Security Management?–applicable to a wide range of activities•Public, Private, Govt., Community enterprise Groups, individuals–specifies elements of the risk management process–applies to activity, function, project, product or asset