ISO 27005 STANDARD — Information security risk management
International Standard to conduct Information Security Risk Assessments
What is ISO/IEC 27005?
ISO 27005 is the international standard that describes how to conduct an information security risk assessment in order to meet the requirements of ISO 27001.
Information security risk management is compulsory for an organization to ensure organizational security. Information security heavily relies on risk management. Risk can have an impact on a company’s mission, goals, procedures, and strategy. The management of the likelihood of occurrence, business impact, and other factors that affect decision-making and performance are all covered by the risk management framework. The goal of information security is to secure or defend information assets by considering the dangers to confidentiality, integrity, and availability.
Why is important ISO/IEC 27005?
It provides guidelines for the establishment of a systematic approach to manage the Information Security risk of the organization.
- The ability to recognize asset risk.
- The ability to help in organizing the ISRM process.
- The ability to gather information for putting a risk management approach in place for information security.
Information security risk management process
According to ISO/IEC 27005:2011 risk management process divided into 7 stages
- Context establishment
- Risk identification
- Risk analysis
- Risk evaluation
- Risk treatment
- Risk acceptance
- Monitoring and review
This standard helps to ensure the company security in organizational manner. The establishment of an efficient information security system within the firm is facilitated by this risk assessment procedure.
For further reference:-
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Written by:- Chandimal Ekanayake — 3rd Year 2nd Semester Cyber Security Student — SLIIT