In today’s interconnected, technology-driven world, information security breaches and cyber attacks remain a significant threat. But how do we manage these risks? A new standard can help!
ISO/IEC 27005:2018 is the third edition of this International Standard. ISO/IEC 27005 provides a framework which organisations can employ to effectively manage information security risks.
The standard has been revised to bring it into line with the 2013 edition of ISO/IEC 27001. It provides specific guidance on how to meet the risk management requirements in ISO/IEC 27001.
ISO/IEC 27005 provides the ‘why’ and ‘how’ for organisations to manage their information security risks effectively in line with ISO/IEC 27001:2013. It also enables an organisation to demonstrate that it has robust risk management processes in place and that it is good to do business with.
The standard forms a critical part of the cyber-risk toolkit that is the ISO/IEC 27000 family of cyber security standards. Other standards in the family include the flagship ISO/IEC 27001, as well as others covering such topics as cyber security, security in the cloud, ISMS auditing and more.
The changes since the last edition of the standard can be summarised as follows:
- References to ISO/IEC 27001:2005 have been removed.
- In the bibliography, ISO/IEC 27001 has been added.
- Annex G has been removed, as have all references to it.
- Editorial changes have been made to the document.