
ISO 27005 (Standard)

The ISO 27005 standard is an international standard that provides guidelines for managing information security risks.

It proposes a methodology for identifying, analysing, evaluating and treating IT risks as part of an information security management system (ISMS). This standard is part of the ISO 27000 family of standards and complements ISO 27001. The standard adopts the PDCA (Plan-Do-Check-Act) model to ensure continuous improvement of the risk management process.

Its latest version is ISO 27005:2022. It now incorporates elements of EBIOS Risk Manager, including:

  • Linking high-level and low-level risk scenarios
  • The use of strategic and operational risk management cycles
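The following Python sketch is an added illustration of the two ideas above, not code from the glossary page or from ISO itself: a strategic (high-level) scenario is linked to the operational (low-level) scenarios that could realise it, each operational scenario is scored, a treatment option is chosen, and a "Check" pass reports which residual risks are still above the acceptance criterion and must go back into the next Plan cycle. The 1..4 scoring scale, the likelihood x impact formula, the acceptance threshold and the effect sizes of the controls are all assumptions made for the example; ISO 27005 leaves these choices to the organisation. The register contents are constructed sample data.

```python
from dataclasses import dataclass, field

# Assumed organisational scales and acceptance criterion (constructed for the example;
# ISO 27005 does not prescribe them).
RISK_ACCEPTANCE_THRESHOLD = 8   # risk level below this is acceptable as-is
MIN_SCORE = 1                   # likelihood and impact are scored 1..4


@dataclass
class Control:
    """A treatment measure and how much it lowers likelihood or impact (assumed effect sizes)."""
    name: str
    likelihood_reduction: int = 0
    impact_reduction: int = 0


@dataclass
class OperationalScenario:
    """Low-level scenario: one concrete path by which the feared event could occur."""
    name: str
    likelihood: int
    impact: int
    controls: list = field(default_factory=list)

    def inherent_level(self) -> int:
        return self.likelihood * self.impact

    def residual_level(self) -> int:
        """Risk level once the planned controls are in place, never below the scale minimum."""
        lk = max(MIN_SCORE, self.likelihood - sum(c.likelihood_reduction for c in self.controls))
        im = max(MIN_SCORE, self.impact - sum(c.impact_reduction for c in self.controls))
        return lk * im


@dataclass
class StrategicScenario:
    """High-level scenario: an asset and a feared event, linked to its operational paths."""
    asset: str
    feared_event: str
    operational: list = field(default_factory=list)

    def inherent_level(self) -> int:
        # the strategic risk is driven by its worst operational path
        return max((o.inherent_level() for o in self.operational), default=0)


def treatment_option(level: int, threshold: int = RISK_ACCEPTANCE_THRESHOLD) -> str:
    """Two of the ISO 27005 treatment options: retain acceptable risk, modify the rest."""
    return "retain" if level < threshold else "modify"


def build_sample_register() -> list:
    """Constructed sample register (not real assessment data)."""
    disclosure = StrategicScenario(
        asset="customer database",
        feared_event="disclosure of customer records",
        operational=[
            OperationalScenario("lost unencrypted backup media", likelihood=2, impact=4,
                                controls=[Control("encrypt backup media", impact_reduction=3)]),
            OperationalScenario("storage bucket left publicly readable", likelihood=3, impact=4,
                                controls=[Control("deny public access by policy", likelihood_reduction=2)]),
            OperationalScenario("phishing of an administrator account", likelihood=4, impact=4,
                                controls=[Control("MFA for administrators", likelihood_reduction=1)]),
        ],
    )
    payroll = StrategicScenario(
        asset="payroll system",
        feared_event="unavailability on pay day",
        operational=[OperationalScenario("hardware failure without spare", likelihood=2, impact=3)],
    )
    return [disclosure, payroll]


def plan_treatment(register: list, threshold: int = RISK_ACCEPTANCE_THRESHOLD) -> list:
    """Plan step: score every operational scenario and decide its treatment, worst first."""
    rows = []
    for s in register:
        for o in s.operational:
            rows.append({
                "strategic": s.feared_event,
                "operational": o.name,
                "inherent": o.inherent_level(),
                "treatment": treatment_option(o.inherent_level(), threshold),
            })
    return sorted(rows, key=lambda r: r["inherent"], reverse=True)


def check_residual(register: list, threshold: int = RISK_ACCEPTANCE_THRESHOLD) -> list:
    """Check step: scenarios still at or above the acceptance criterion after treatment.
    Anything returned here feeds the Act step and the next Plan cycle."""
    return [(o.name, o.residual_level())
            for s in register for o in s.operational
            if o.residual_level() >= threshold]


if __name__ == "__main__":
    reg = build_sample_register()
    for row in plan_treatment(reg):
        print(f"{row['inherent']:>2}  {row['treatment']:<7} {row['strategic']} <- {row['operational']}")
    print("still above threshold after treatment:", check_residual(reg))
```

Run as a script, it lists the four operational scenarios from highest to lowest inherent risk and then reports that the phishing scenario remains above the threshold even with MFA in place, which is exactly the kind of finding that drives the next iteration of the PDCA loop.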

 

To find out more, read the article:

EBIOS, ISO 27001 or ISO 27005: which method to use to manage cybersecurity risks?
