ISO/IEC 27005:2022

Information security, cybersecurity and privacy protection. Guidance on managing information security risks.

This document provides guidance to assist organizations to:

• fulfil the requirements of ISO/IEC 27001 concerning actions to address information security risks;
• perform information security risk management activities, specifically information security risk assessment and treatment.

This document is applicable to all organizations, regardless of type, size or sector.