ISO/IEC 27005:2018, Information technology – Security techniques – Information security risk management, supports the information security risk management processes specified in ISO/IEC 27001.
ISO/IEC 27005:2018 provides guidelines for information security risk management. Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of this standard.
This document supports the main concepts specified in ISO/IEC 27001 and is designed to assist with the implementation of information security based on a risk management approach.
This document applies to all types of organisations (e.g. commercial enterprises, government agencies, non-profit organisations) that intend to manage risks that can compromise their information security.