With ISO 27005:2011 you can build information security into your business through a risk management approach. This standard provides guidelines on Information Security Risk Management (ISRM), enabling you to mitigate information security risks effectively.
This standard is applicable to any organisation, regardless of size or type. Read the thoughts of Alan Calder (CEO of IT Governance) on this new standard:
- “It is a better written, more coherent standard”
- “It is aligned with the risk management standard ISO 31000, which makes it easier to integrate enterprise risk management approaches with information security risk management”
- “It provides good, practical guidance on carrying out the risk assessment required by ISO 27001, together with clear guidance on risk scales”
- “It has good guidance on threats, vulnerabilities, likelihoods and impacts.”