Licensed Russian Translation of ISO/IEC 27005:2008, International Standard on Information Security Risk Management Released
This publication is translated and distributed under license agreement No. 2008JK0022 with BSI № 2008JK0022, under which licensed Russian translations of a number of international and British standards in the sphere of information security and business continuity management were already released, including BS ISO/IEC 27001: 2005, BS ISO/IEC 27002: 2005, BS 7799-3: 2006, BS 25999-1: 2006, BS 25999-2: 2007 and PAS 77: 2006.
ISO 27005 provides guidelines for information security risk management. It supports general concepts specified in ISO/IEC 27001 and is designed to "assist the satisfactory implementation of information security based on a risk management approach”. Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO 27005.
This International Standard is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the information security.