ISO 27005:2011 is finally here. ISO 27005:2011 is the newly released international information security risk management standard, essential for practitioners of business continuity and information security and for anyone undertaking an information security risk management project.
ISO/IEC 27005:2011 is designed to assist the satisfactory implementation of information security based on a risk management approach. It provides practical guidance on carrying out the risk assessment required by ISO 27001.
ISO 27005:2011 replaces ISO 27005:2008 and includes a significant number of changes and improvements. The new Standard is more coherent than its predecessor and is applicable to any organisation, of any size, in any sector. The new Standard is also aligned with ISO 31000, the risk management standard, making it easier to integrate enterprise risk management with information security risk management.
Alan Calder, CEO of IT Governance states:
“ISO 27005 should become standard additional guidance on risk assessment – the ISMS core competence – for all organisations tackling ISO 27001.”
Organisations implementing ISO 27005:2011 should consider using the risk assessment tool, vsRisk™. The unique tool minimises the need for specialist knowledge by automating and delivering an ISO 27001-compliant risk assessment. Its wizard-based approach simplifies and accelerates the risk assessment process, saving time and money.
vsRisk™ has been designed with the user in mind and, for the first time, empowers the user to comply with the requirements of ISO 27001:2005 and to effectively identify, analyse and control their actual information risks in line with their business objectives.