Purpose
How to use this page
Use this as a navigation and decision page. Follow the links for detailed control, audit, risk, evidence, and exam notes.
This guide is the ISO/IEC 27005 view of the vault. It will grow as you provide more risk-management material.
Use it to connect:
- information security risk context;
- risk identification;
- risk analysis;
- risk evaluation;
- risk treatment;
- risk acceptance;
- communication and consultation;
- monitoring and review;
- ISO/IEC 27001 Statement of Applicability;
- ISO/IEC 27002 control guidance.
Starting notes
- ISO 27005 Knowledge Base MOC
- ISO 27005 Risk Process Notes
- ISO 27001 Implementer Auditor ISO 27005 Mapping
- A.5 Controls Implementation Audit Risk Mapping
- Asset Threat Vulnerability Risk Control Evidence Data Model
- Risk Assessment
- Risk and Control Mapping Table
- Statement of Applicability Support Table
Practical mentor view
ISO/IEC 27005 should make the risk logic behind the ISMS defensible. It is not a separate paperwork universe. It should explain why a control exists, why it is enough, why residual risk is acceptable, and why management should fund or accept the decision.
Research basis
ISO describes ISO/IEC 27005:2022 as guidance on managing information security risks that supports an ISO/IEC 27001-based ISMS. ISO also states that it covers the risk management cycle beyond risk assessment, including treatment, communication, monitoring, and review.
External references
- Iso27005
- Risk management
- Isms
- Moc
Note Metadata
Aliases: ISO27005 Guide, ISO 27005 Guide
Source: 07 ISO 27005 Risk Guide/ISO 27005 Risk Management Guide MOC.md
Graph-sourced resources
Templates and evidence
Risk treatment artifacts
Risk records, mappings, and treatment-supporting references.
Related Notes
- ISO27001 ISMS KB - Start Here
- Risk Assessment
- Statement of Applicability
- ISMS Implementation Roadmap
- ISO 27001 Implementer Guide
- ISO 27005 Risk Process Notes
- A.5 Controls Implementation Audit Risk Mapping
- A.6 People Controls Implementation Audit Risk Mapping
- A.7 Physical Controls Implementation Audit Risk Mapping
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27001 Implementer Auditor ISO 27005 Mapping
- ISO 27005 Knowledge Base
- Asset Threat Vulnerability Risk Control Evidence Data Model
- Template - Risk and Control Mapping Table
- Template - Statement of Applicability Support Table
- ISO 27001 Overview
- Templates MOC