ISO/IEC 27005:2008 信息技术 安全技术 信息安全风险管理

标准编号：ISO/IEC 27005:2008

中文名称：信息技术 安全技术 信息安全风险管理

英文名称：Information technology — Security techniques — Information security risk management

发布日期：2008-06

标准范围

ISO/IEC 27005:2008提供了信息安全风险管理指南。它支持ISO/IEC 27001中规定的一般概念，旨在帮助基于风险管理方法满意地实施信息安全。了解ISO/IEC 27001和ISO/IEC 27002中描述的概念、模型、过程和术语对于全面理解ISO/IEC 27005:2008非常重要。ISO/IEC 27005:2008适用于所有类型的组织（如商业企业、政府机构、非营利组织），这些组织打算管理可能危及组织信息安全的风险。

ISO/IEC 27005:2008 provides guidelines for information security risk management. It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO/IEC 27005:2008. ISO/IEC 27005:2008 is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization's information security.

标准预览图