ISO/IEC 27005:2018 信息技术 安全技术 信息安全风险管理

标准编号：ISO/IEC 27005:2018

中文名称：信息技术 安全技术 信息安全风险管理

英文名称：Information technology — Security techniques — Information security risk management

发布日期：2018-07

标准范围

ISO/IEC 27005:2018本文件提供了信息安全风险管理指南。本文件支持ISO/IEC 27001中规定的一般概念，旨在帮助基于风险管理方法令人满意地实施信息安全。了解ISO/IEC 27001和ISO/IEC 27002中描述的概念、模型、流程和术语对于完整理解本文档非常重要。本文件适用于打算管理可能危及组织信息安全的风险的所有类型的组织（如商业企业、政府机构、非营利组织）。

ISO/IEC 27005:2018 This document provides guidelines for information security risk management.
This document supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.
Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of this document.
This document is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that can compromise the organization's information security.

标准预览图