Standard

BS ISO/IEC 27005:2022

Information security, cybersecurity and privacy protection. Guidance on managing information security risks

Current

Published:

What is BS ISO/IEC 27005 – Managing information security risks about?

This revised international standard is part of the highly regarded ISO/IEC 27000 series on information security management. BS ISO/IEC 27005 gives guidance on how best to tackle information security risks and is designed to be used alongside ISO/IEC 27001.

Who is BS ISO/IEC 27005 – Managing information security risks for?

Information security professionals and management in organizations of all types, sizes and sectors that create, collect, process, store, transmit and dispose of information in any form, including electronic, physical and verbal (e.g. conversations and presentations), specifically:

  • Chief Information Security Officers (CISO)
  • Cybersecurity risk analysts and advisors
  • Information security consultants
  • Risk managers in compliance and information security

What does BS ISO/IEC 27005 – Managing information security risks cover?

BS ISO/IEC 27005 provides information security risk management guidance to:

  • Fulfil the requirements of ISO/IEC 27001 concerning actions to address information security risks
  • Perform information security risk management activities, specifically information security risk assessments and treatments

BS ISO/IEC 27005 adds to the guidance in BS ISO/IEC 27003.

Why should you use BS ISO/IEC 27005 – Managing information security risks?

  • BS ISO/IEC 27005 gives the latest international best practice guidance on information security risk management
  • It supplements ISO/IEC 27001 to help organizations identify infosec risks within the process of setting up an ISMS
  • It can help reduce the likelihood of cyberattack or other information losses and increase organizational resilience
  • It takes each organization’s unique environment into account
  • It helps businesses run and demonstrate a stable and proportionate ISMS
  • It helps businesses increase stakeholders’ confidence in how information is safeguarded
  • It helps strengthen risk management in relation to infosec

BS ISO/IEC 27005 contributes to UN Sustainable Development Goal 9 on industry, innovation and infrastructure.

What’s new about BS ISO/IEC 27005:2022?

This is a revision of BS ISO/IEC 27005:2018. The major changes in BS ISO/IEC 27005:2022 are:

  1. All guidance text was updated to be in line with the newest editions of ISO/IEC 27001:2022 and BS ISO 31000:2018
  2. Terminology was modified according to BS ISO 31000 Risk Management – Guidelines
  3. The structure of clauses was adjusted to the layout presented in ISO/IEC 27001:2022
  4. Risk scenario concepts were introduced
  5. The event-based approach is contrasted with the asset-based approach to risk identification
  6. The content of the annexes has been revised and restructured into a single annex


Product Details

Descriptors: Information; Information systems; Information transfer; Document security; Data processing; Data transmission; Data enciphering; Data security

ICS Codes: 35.030 IT Security

Committee: IST/33/1

International relationships: Identical to ISO/IEC 27005

ISBN: 978 0 539 12913 7

Publisher: BSI