ISO/IEC 27005:2011

Information technology -- Security techniques -- Information security risk management

ISO/IEC 27005:2011 provides guidelines for information security risk management.

It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.

Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO/IEC 27005:2011.

ISO/IEC 27005:2011 is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization's information security.


General information

You may be interested in:

By Elizabeth Gasiorowski-Denis on
Are information security risks threatening your business? New and improved ISO/IEC 27005 standard beefs up protection
The International Standard ISO/IEC 27005:2011 which gives managers and staff in IT departments a framework for implementing a risk management approach to assist them in managing their information security management system (ISMS) risks has been published.
By Edward Humphreys on
Operation cyber-security - Solutions for business-as-usual
Stories are many and varied about the cyber-threats faced by businesses, governments and citizens. These are not merely rumours ; they are real and their impact is significant.

Got a question?

Check out our FAQs

Customer care
+41 22 749 08 88

Opening hours:
Monday to Friday - 09:00-12:00, 14:00-17:00 (UTC+1)

Keep up to date with ISO

Sign up to our newsletter for the latest news, views and product information

 Subscribe