ISO/IEC 27005
E108040
ISO/IEC 27005 is an international standard that provides guidelines for information security risk management within an organization’s overall information security management system.
All labels observed (2)
| Label | Occurrences |
|---|---|
| ISO/IEC 27005 canonical | 3 |
| ISO/IEC 27005 Information technology — Security techniques — Information security risk management | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T868204 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: ISO/IEC 27005 Context triple: [ISO 27001, relatedStandard, ISO/IEC 27005]
-
A.
ISO/IEC 27002
ISO/IEC 27002 is an international standard that provides best-practice guidelines and controls for information security management.
-
B.
ISO/IEC 27000 family
The ISO/IEC 27000 family is an international set of standards that provides best-practice frameworks and requirements for establishing, implementing, maintaining, and continually improving information security management systems.
-
C.
ISO 31010
ISO 31010 is an international standard that provides guidelines and a comprehensive toolkit of techniques for risk assessment within risk management frameworks.
-
D.
ISO 27001
ISO 27001 is an internationally recognized standard that specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
-
E.
ISO 31000
ISO 31000 is an international standard that provides principles and guidelines for effective risk management applicable to organizations of all types and sizes.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: ISO/IEC 27005 Target entity description: ISO/IEC 27005 is an international standard that provides guidelines for information security risk management within an organization’s overall information security management system.
-
A.
ISO/IEC 27002
ISO/IEC 27002 is an international standard that provides best-practice guidelines and controls for information security management.
-
B.
ISO/IEC 27000 family
The ISO/IEC 27000 family is an international set of standards that provides best-practice frameworks and requirements for establishing, implementing, maintaining, and continually improving information security management systems.
-
C.
ISO 31010
ISO 31010 is an international standard that provides guidelines and a comprehensive toolkit of techniques for risk assessment within risk management frameworks.
-
D.
ISO 27001
ISO 27001 is an internationally recognized standard that specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
-
E.
ISO 31000
ISO 31000 is an international standard that provides principles and guidelines for effective risk management applicable to organizations of all types and sizes.
- F. None of above. chosen
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf |
ISO/IEC standard
ⓘ
information security standard ⓘ risk management standard ⓘ |
| alignedWith | ISO/IEC 27001 requirements for risk management ⓘ |
| appliesTo | organizations of all types and sizes ⓘ |
| basedOn |
ISO/IEC 27000 family
ⓘ
surface form:
ISO/IEC 27000 information security management systems concepts
|
| category | information security risk management guideline ⓘ |
| covers |
risk acceptance
ⓘ
risk analysis ⓘ risk communication ⓘ risk evaluation ⓘ risk identification ⓘ risk monitoring and review ⓘ risk treatment ⓘ |
| defines | systematic approach to information security risk management ⓘ |
| focusesOn | information security risk management ⓘ |
| fullName |
ISO/IEC 27005
self-linksurface differs
ⓘ
surface form:
ISO/IEC 27005 Information technology — Security techniques — Information security risk management
|
| geographicalScope | international ⓘ |
| intendedFor |
ISMS implementers
ⓘ
information security managers ⓘ risk managers ⓘ |
| language | English ⓘ |
| objective |
to ensure that information security risks are identified and managed
ⓘ
to support the implementation of an effective information security risk management process ⓘ |
| partOfSeries | ISO/IEC 27000 family ⓘ |
| providesGuidelinesFor |
continual improvement of information security risk management
ⓘ
establishing information security risk management ⓘ implementing information security risk management ⓘ maintaining information security risk management ⓘ |
| publishedBy |
International Electrotechnical Commission
ⓘ
International Organization for Standardization ⓘ |
| relatedTo |
ISO/IEC 27002
ⓘ
ISO/IEC 27003 ⓘ ISO/IEC 27004 ⓘ |
| subjectArea |
information security management systems
ⓘ
information technology security techniques ⓘ |
| supports |
ISO 27001
ⓘ
surface form:
ISO/IEC 27001
|
| supportsProcess |
asset identification
ⓘ
definition of risk acceptance criteria ⓘ establishing an information security risk management context ⓘ impact assessment ⓘ likelihood assessment ⓘ risk determination ⓘ selection of risk treatment options ⓘ threat identification ⓘ vulnerability identification ⓘ |
| targetAudience | organizations implementing an ISMS ⓘ |
| usedFor |
designing an information security risk management framework
ⓘ
supporting certification against ISO/IEC 27001 ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: ISO/IEC 27005 Description of subject: ISO/IEC 27005 is an international standard that provides guidelines for information security risk management within an organization’s overall information security management system.
Referenced by (4)
Full triples — surface form annotated when it differs from this entity's canonical label.