ISO/IEC 27005, Information technology - Security techniques - Information security risk management

4. What is ISO 27005 and do you have information security and operational specific policy and procedure documents relating to this well-known standard?

ISO/IEC 27005, Information technology - Security techniques - Information security risk management, provides comprehensive guidelines relating to the broader subject of risk management. While it may not provide explicit guidance on which of the many risk standards and frameworks to utilize, it does offer in-depth information relating to critical topics regarding risk. More specifically, the publication (approximately 55 pages) includes the following content:

  • Foreword
  • Introduction
  • Normative references
  • Terms and definitions
  • Structure
  • Background
  • Overview of the ISRM Process
  • Context Establishment
  • Information Security Risk Assessment (ISRA)
  • Information Security Risk Treatment
  • Information security Risk Acceptance
  • Information security Risk Communication
  • Information security Risk Monitoring and Review
  • Annex A: Defining the scope of the process
  • Annex B: Asset valuation and impact assessment
  • Annex C: Examples of Typical Threats
  • Annex D: Vulnerabilities and vulnerability assessment methods
  • Annex E: ISRA approaches

Information Security Policies for ISO 27005 | Download Risk Management Packet 
If you’re seeking to implement an enterprise-wide risk management framework, then ISO 27005 is a great place to begin learning about important considerations regarding the broader subject of risk.  Flat Iron Technologies, LLC offers comprehensive risk management consulting services, including industry leading policies, procedures, and forms for conducting risk assessments. Additionally, organizations can also download the Global Information Security Compliance Packet (GISCP) set of security documents containing hundreds of information security and operational policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more. 

Learn more about our signature product, the Global Information Security Compliance Packet (GISCP)the world's most complete security policy packet containing over 2,850 + pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.

Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.

GISCP - PREMIER Edition ($1,479.00)

Click below to view table of contents

GISCP cover

White Papers