ISO/IEC 27005

From Wikipedia, the free encyclopedia

ISO/IEC 27005, part of a growing family of ISO/IEC ISMS standards, the 'ISO/IEC 27000 series', is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full title is ISO/IEC 27005:2008 Information technology -- Security techniques -- Information security risk management.

The purpose of ISO/IEC 27005 is to provide guidelines for information security risk management. It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. It does not specify, recommend or even name any specific risk analysis method, although it does specify a structured, systematic and rigorous process from analysing risks to creating the risk treatment plan.

The standard was published in June 2008. In 2011, ISO released a new version, ISO/IEC 27005:2011.
