ISOgal2
15th July 2008, 11:33 AM
This is the latest standard from the emerging ISO 27000 series to be published (the PDF version (http://www.standardsdirect.org/iso27005.htm) was released last week I believe).
It covers information security risk management, and is very much related to ISO 27001. The contents are listed on 27000.org's Introduction to ISO 27005 (http://www.27000.org/iso-27005.htm) page. This also states that it is not aligned to a specific risk methodology, which is a positive, as there were rumours to the contrary.
It is still unclear though how this standard relates to the others in the risk management field, such as ISO 31000 and BS7799-3. 31000 is due out early next year.
At the risk of sounding like a stuck record, it really would be nice for ISO to publish a map of standards, including interactions, in both this arena and business continuity.
Despite this, on first look, 27005 does look to be a good standard, with plenty of meat.