Performing Risk management according to ISO 27005

ISO 27005 is a supporting standard to ISO 27001, detailing how to implement risk management for information security (basically covering ISO 27001 clauses 6.1.2 and 6.1.3).

Considering that, general steps for risk assessment and treatment are:

• Definition of a risk assessment and treatment methodology
• Performing of risk assessment (risk identification and risk analysis)
• Performing of risk treatment (risk evaluation and controls selection)
• Elaboration of a risk treatment report
• Elaboration of Statement of Applicability (SoA)
• Elaboration of Risk Treatment Plan and acceptance of residual risks

This article will provide you a further explanation about implementing risk management:

•  ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

These materials will provide you a further explanation about implementing risk management:

• The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
• Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

If you want to see how a risk management process compliant with ISO 27005 looks like, I suggest you take a look at the free demo of our ISO 27001/ISO 22301 Risk Assessment Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/