ISO/IEC 27005 provides guidelines for information security risk management.
It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.
Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO/IEC 27005.
ISO/IEC 27005 is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization’s information security.
Reference: ISO Organization
TNRSCO provides certification and educational services with formal valid certificate. For questions or inquiries, please contact us or fill out the quick contact form on this page and we will get back to you shortly.