ISO 27005:2018
Assign topic to the user
If I understood correctly, you want insight into the relevance of ISO 27005 to currently ISO 27001 based ISMS’s.
Considering that, although the asset, threat, and vulnerability risk identification method are no longer mandatory for ISO 27001, it still continues to be one of the most used approaches, due to its simplicity, so you should keep the ISO 27005 standard in your read list. For other approaches for risk assessment, you should consider also reading ISO 31010, which covers other Risk assessment techniques.
For further information, see:
- ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
Comment as guest or Sign in
Jan 04, 2022