ISO/IEC 27005 provides guidance to assist organisations to:
— fulfil the requirements of ISO/IEC 27001 concerning actions to address information security risks,
— perform information security risk management activities, specifically information security risk assessment and treatment.
All organisations can apply this standard, regardless of type, size, or sector. It is intended to be used by organisations that want to establish and implement an information security management system. The document is also useful for organisations that intend to improve their information security risk management process.
ISO/IEC 27005 is helpful for persons who perform or are involved in information security risk management, for example, ISMS professionals or risk owners.