ISO/IEC 27005:2011 is part of the ISO27000 series of standards, and provides guidelines for information security risk management. It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the implementation of information security based on a risk management approach.
The advice and guidance provided in ISO/IEC 27005 is applicable to all organisations, irrespective of size or type. Whether your organisation is in the private, not-for-profit or public sectors, is a small, medium or large organisation, the advice and guidance on risk management in ISO27005 is applicable.
Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO/IEC 27005:2011. ISO/IEC 27001 and ISO/IEC 27002 are available to purchase from this website.
"The new ISO/IEC 27005:2011 is a much better standard than was the 2008 version. First, it is a better-written, more coherent standard. Second, it is aligned with the risk management standard ISO31000, which makes it easier to integrate enterprise risk management approaches with information security risk management. Third, it provides good, practical guidance on carrying out the risk assessment required by ISO27001, together with clear guidance on risk scales. Fourth, it has good guidance on threats, vulnerabilities, likelihoods and impacts."
- Alan Calder, CEO, IT Governance Ltd
If more than one person needs to access this Standard, you will need a multiuser licence, which is a cost-effective way of complying with the publisher's copyright restrictions. Please contact us directly for multiuser pricing options on this standard.
Please Note: We will supply either the BS or other national adoptions of these standards. All of which contain exactly the same content.
Purchase of the PDF version of this Standard is governed by BSI's copyright terms and conditions.