ISO/IEC 27005:2008

Information technology - Security techniques - Information security risk management

Standard Details

ISO/IEC 27005:2008 provides guidelines for information security risk management. It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO/IEC 27005:2008. ISO/IEC 27005:2008 is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization's information security.

NEW! This publication is now available in formats compatible with popular ebook readers. Choose our ebooks package which includes:
- Standard PDF and ePub formats, compatible with most readers,
- ePub format optimized for Apple's iPad and iPhone, which allows full use of the functionalities of these devices,
- Mobipocket format, compatible with Amazon's Kindle.

General Information

Status : WITHDRAWN

Standard Type: Main

Document No: ISO/IEC 27005:2008

Document Year: 2008

Pages: 55

Edition: 1.0

Section Volume:
ISOIEC JTC 1.SC 27 IT security techniques

ICS:
03.100.70 Management systems *Standards included in this sub-group shall also be included in other groups and/or sub-groups according to their subject *Including environmental management systems (EMS), road traffic management systems, energy management systems, hea
35.030 IT Security *Including encryption

Preview Document