Newly released ISO/IEC 27005:2011 helps improve risk management
Ely, England, 28 June 2011 – ISO 27005:2011, the newly released international information security risk management standard, is now available to the international community of business continuity and information security practitioners.

Information security risk management is one of the core competencies of information security. This Standard is an essential companion to ISO/IEC 27001 and ISO/IEC 27002 and replaces ISO/IEC 27005:2008.

ISO 27005:2011 supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. The Standard is applicable to organisations of all types and sizes that intend to manage risks that could compromise the organisation's information security.

IT Governance Ltd, an international distribution partner for IEC and a global leader in ISO27001 information, products and services, is making ISO/IEC 27005:2011 available from all its main websites. ISO 27005:2011 ISRM can be downloaded today from .

“The new ISO/IEC 27005:2011 is a much better standard than was the 2008 version”, comments Alan Calder, CEO of IT Governance. “First, it is a better written, more coherent standard. Second, it is aligned with the risk management standard ISO31000, which makes it easier to integrate Enterprise Risk Management approaches with information security risk management. Third, it provides good, practical guidance on carrying out the risk assessment required by ISO27001, together with clear guidance on risk scales. Fourth, it has good guidance on threats, vulnerabilities, likelihoods and impacts. ISO27005 should become standard additional guidance on risk assessment – the ISMS core competence – for all organisations tackling ISO27001.”

Organisations that would like to save time and money whilst implementing the new Standard should consider applying vsRisk, an ISO27001:2005-compliant information security risk assessment tool produced by Vigilant Software, the specialist software subsidiary of IT Governance.

vsRisk simplifies each step of an ISO27001 risk assessment, allowing compliance project managers to capture their information security policy and objectives, plus the scope of their information security management system, and undertake a rapid appraisal of all key areas, including groups, assets and owners. The tool makes ISO27001 compliance achievable for a far wider range of organisations and professionals by minimising the need for specialist knowledge and significantly undercutting the cost of generalist risk management tools.

As well as supporting ISO/IEC 27001:2005 and ISO/IEC 27002, vsRisk complies with BS7799-3:2006, ISO/IEC 27005, NIST SP 800-30 and the UK’s Risk Assessment Standard.

A copy of the ISO27005:2011 standard can be downloaded immediately from and the vsRisk CD-ROM can be ordered from . Both ISO27005:2011 and vsRisk can also be purchased directly from the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make bookings or purchases with a Purchase Order either by telephone or by email to
