ISO 27005
Titel:
ISO 27005:2011 Information technology — Security techniques — Information security risk management
Herausgeber:
ISO
Veröffentlichung:
Juni 2008, Revision 2011
Beschreibung:
ISO 27005 gibt Guidelines für das Risikomanagement in der Informationssicherheit und konkretisiert die Anforderungen des ISO 27001 an den Risk Management-Prozess.
“ISO/IEC 27005:2011 provides guidelines for information security risk management.
It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.
Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO/IEC 27005:2011.
ISO/IEC 27005:2011 is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization’s information security.”
Zertifizierung:
Zertifizierung nach ISO 27001
Bezug: