Lessons From the ISO/IEC 27005:2018 Security Risk Management Guidelines

The International Standards Organization (ISO) recently released an updated version of its security risk management guidelines, ISO/IEC 27005:2018, which are a framework for effective management of cybersecurity risks.

Edward Humphreys, convener of the working group that developed both the ISO 27001 and ISO 27005, said in a press release that the ISO 27005 “provides the ‘why, what and how’ for organizations to be able to manage their information security risks effectively in compliance with ISO/IEC 27001.” The previous version of ISO 27005 was released in 2011 and had become somewhat out of alignment with the ISO 27001:2013.

Here are several ways in which the ISO 27005:2018 can bring value to cybersecurity leaders as well as other stakeholders in the organization.

Break Down the…
