Does ISO27005 contain any further information about the nature of the catalogue of threats & vulnerabilities; for example, does it provide definitions, explanations or contextual examples of each threat?
Regarding threats, ISO 27005 provides information about their type (e.g., physical damage, natural event, technical failure, etc.), examples (e.g., fire, dust, flood, defective software, etc.) and origin (e.g., intentional, accidental, etc.), but does not provide definitions, explanations or contextual examples. The exception is human-related threats, where it provides information about threat source, motivation and potential consequences.
Regarding vulnerabilities, ISO 27005 provides information regarding vulnerability types, examples and possible threats associated with them.
Thanks, but I was referring to the actual threat 'events' in the threat & vulnerability catalogue, i.e. is there a definition anywhere of what constitutes the difference between, for example, 'unauthorised access to info systems' as opposed to 'access to network by unauthorised persons', or 'info leakage' as opposed to 'disclosure of info', etc., etc.