Strengthen your information security risk management with BS ISO/IEC 27005

Protecting the security of your organization’s information, whether it is commercially sensitive data or the personal details of your clients, has never been under closer scrutiny. A newly revised international standard can help.

In our hyper-connected, technology-driven world, data breaches and cyberattacks remain a significant threat to organizations. It is, therefore, unsurprising that in an environment of frequent and highly publicized attacks across every sector, public trust in the ability of companies to store data securely has declined in recent years.

Often, a business’s lack of awareness of its own information security risks is to blame.

Managing information security risks requires a suitable risk assessment and risk treatment method. Depending on the organization, that method may take into account the estimated costs and benefits of treatment options, legal and regulatory requirements, the concerns of stakeholders, and other inputs and variables as appropriate.

The newly revised BS ISO/IEC 27005:2022 Information security, cybersecurity and privacy protection – Guidance on managing information security risks gives organizations a framework for working through all of this and managing these risks effectively.

How BS ISO/IEC 27005 helps you manage information security risks

With the increasing number of internal and external information security threats, organizations recognize the importance of adopting a formal risk management programme.

Without a mechanism to identify, analyse and manage information security risks, organizations struggle to prioritize their security remediation efforts, to allocate resources, and to justify the associated costs. This leaves them more susceptible to security breaches, which can lead to financial and reputational damage.

BS ISO/IEC 27005 provides guidance on information security risk management and describes recognized good practice for it. It takes into account a business’s unique information security risk environment by focusing on how the organization identifies, assesses and treats its risks, including the selection, implementation and ongoing management of controls to treat them.

It is best used as a supplementary guide alongside BS ISO/IEC 27001 Information security, cybersecurity and privacy protection. Information security management systems. Requirements. It supports the identification and treatment of information security risks while setting up an Information Security Management System (ISMS) and helps businesses demonstrate a stable, well-founded ISMS. In particular, it provides detailed risk management guidance to help meet the risk assessment and risk treatment requirements of BS ISO/IEC 27001 (clauses 6.1.2 and 6.1.3). Note that conformity is assessed and certified against BS ISO/IEC 27001; BS ISO/IEC 27005 is guidance and is not itself a certifiable standard.

To learn more about how our standards support businesses to achieve resilient information management processes, visit our Information Management topic page.

What’s changed in the new revision of BS ISO/IEC 27005?

As technology advances, so must the way you manage the emerging cybersecurity risks to your information.

Our standards undergo periodic revisions to ensure that their guidance keeps pace with changes in practice and in the market. This helps your business stay at the forefront of protecting its information, even as the nature of cyberattacks evolves.

Complementary to BS ISO/IEC 27001, which sets out the requirements for an information security management system (ISMS), BS ISO/IEC 27005 has recently been updated to reflect the 2022 edition of BS ISO/IEC 27001, so that it is best equipped to meet the demands of organizations today.

The main changes compared to the previous edition are as follows:

  • All guidance text was updated to be in line with the newest editions of BS ISO/IEC 27001 and ISO 31000 Risk management – Guidelines
  • Terminology was aligned with ISO 31000
  • The clause structure was adjusted to match the layout of BS ISO/IEC 27001
  • The concept of risk scenarios was introduced
  • An event-based approach to risk identification (starting from events and their consequences) is described alongside the traditional asset-based approach (starting from assets, threats and vulnerabilities), so that either, or a combination, can be used
  • The set of annexes was updated, with several old annexes deleted and new annexes introduced

By adopting the newest version of BS ISO/IEC 27005, you can ensure your information security management system draws on the most relevant risk management guidance. This gives your stakeholders confidence in your organization’s ability to handle sensitive and personal data securely, and helps reduce the likelihood and impact of information security breaches by directing effort to the risks that matter most.

Digital trust: Understanding the ISO/IEC 27000 series

Digital trust enables organizations to safeguard their information, people, systems and technology, so as to meet safety, security, compliance, privacy and ethical requirements, protect brand reputation, and support business effectiveness and efficiency.

Using standards can help to build greater trust in the digital world, allowing your business to demonstrate its commitment to information security and putting consumers’ and stakeholders’ minds at ease.

ISO/IEC 27005 is one of dozens of standards in the ISO/IEC 27000 series that make up the cyber-risk toolkit, led by the flagship BS ISO/IEC 27001 Information security, cybersecurity and privacy protection – Information security management systems – Requirements. Others in the series cover protecting information in the cloud, information security in the telecoms sector, auditing information security management systems, and more.

Both BS ISO/IEC 27001 and BS EN ISO/IEC 27002 Information security, cybersecurity and privacy protection. Information security controls have undergone recent full revisions. All businesses that currently use, or are looking to implement, these standards are recommended to adopt the 2022 versions.

As technology continues to advance rapidly across all sectors, accessing the standards your business needs to adapt to emerging digital innovations does not have to be complicated or time-consuming. Our tailored BSI Knowledge subscription service provides flexibility, access, visibility and control over the standards and insights your team needs to evaluate, implement and manage new technologies. Request to learn more.

Ensure your business is working to the latest expert guidance on managing its information security risks. Add BS ISO/IEC 27005 to your collection today.