ISO/IEC 27005

E108040

ISO/IEC 27005 is an international standard that provides guidelines for information security risk management within an organization’s overall information security management system.

All labels observed (2)

How this entity was disambiguated

Statements (49)

Predicate Object
instanceOf ISO/IEC standard
information security standard
risk management standard
alignedWith ISO/IEC 27001 requirements for risk management
appliesTo organizations of all types and sizes
basedOn ISO/IEC 27000 family
surface form: ISO/IEC 27000 information security management systems concepts
category information security risk management guideline
covers risk acceptance
risk analysis
risk communication
risk evaluation
risk identification
risk monitoring and review
risk treatment
defines systematic approach to information security risk management
focusesOn information security risk management
fullName ISO/IEC 27005 self-linksurface differs
surface form: ISO/IEC 27005 Information technology — Security techniques — Information security risk management
geographicalScope international
intendedFor ISMS implementers
information security managers
risk managers
language English
objective to ensure that information security risks are identified and managed
to support the implementation of an effective information security risk management process
partOfSeries ISO/IEC 27000 family
providesGuidelinesFor continual improvement of information security risk management
establishing information security risk management
implementing information security risk management
maintaining information security risk management
publishedBy International Electrotechnical Commission
International Organization for Standardization
relatedTo ISO/IEC 27002
ISO/IEC 27003
ISO/IEC 27004
subjectArea information security management systems
information technology security techniques
supports ISO 27001
surface form: ISO/IEC 27001
supportsProcess asset identification
definition of risk acceptance criteria
establishing an information security risk management context
impact assessment
likelihood assessment
risk determination
selection of risk treatment options
threat identification
vulnerability identification
targetAudience organizations implementing an ISMS
usedFor designing an information security risk management framework
supporting certification against ISO/IEC 27001

How these facts were elicited

Referenced by (4)

Full triples — surface form annotated when it differs from this entity's canonical label.

ISO 27001 relatedStandard ISO/IEC 27005
ISO/IEC 27005 fullName ISO/IEC 27005 self-linksurface differs
this entity surface form: ISO/IEC 27005 Information technology — Security techniques — Information security risk management
ISO/IEC 27000 family includesStandard ISO/IEC 27005
ISO/IEC developsStandard ISO/IEC 27005