Hi All,
This document provides guidance to assist organizations to:
- fulfill the requirements of ISO/IEC 27001 concerning actions to address information security risks;
- perform information security risk management activities, specifically information security risk assessment and treatment.
This document applies to all organizations, regardless of type, size, or sector.
This standard can be previewed here:
https://www.iso.org/obp/ui/#iso:std:iso-iec:27005:ed-4:v1:enThis standard can be purchased here:
https://www.iso.org/standard/80585.html------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------