ISO 27005:2018

ISO 27005:2018, Information technology – Security techniques – Information security risk management, is available and provides guidelines for information security risk management.

ISO 27005 supports the general concepts specified in ISO 27001 and is designed to assist the implementation of information security based on a risk management approach.

Knowledge of the concepts, models, processes, and terminologies described in ISO 27001 and ISO 27002 is important for a complete understanding of ISO 27005.

ISO 27005 is applicable to all types of organizations (e.g., commercial enterprises, government agencies, and non-profit organizations) that intend to manage risks that can compromise the organization’s information security.

The 56-page standard can be ordered from for $167.20 for members ($209 for non-members) or at for about $178.

To request that our 1.5-day “ISO 27001:2013 Requirements” course be taught onsite at your location, please go to this web page.