标准摘要
[中文适用范围]: 本国际标准提供了信息安全风险管理的指南。 本国际标准支持 ISO/1EO 27001 中规定的一般概念,旨在帮助基于风险管理方法令人满意地实施信息安全。 了解 ISO/IEC27001 和 ISO/IEC 27002 中描述的概念、模型、过程和术语对于完整理解本国际标准非常重要。 本国际标准适用于打算管理可能危及组织信息安全的风险的所有类型的组织(例如商业企业、政府机构、非营利组织)。 [外文原描述]: ISO/IEC 27005:2008 provides guidelines for information security risk management. It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO/IEC 27005:2008. ISO/IEC 27005:2008 is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization's information security.
英文名称Information technology - Security techniques - Information security risk management