[Image: ISO 27005 and the risk assessment process, Vigilant Software diagram]

ISO/IEC 27005 is the international standard that describes how to conduct an information security risk assessment in line with the requirements of ISO/IEC 27001. Risk assessment is one of the most important parts of an organisation's ISO 27001 compliance project: the standard requires that controls be selected and justified on the basis of identified risks, not chosen arbitrarily.
ISO 27005 supports the general concepts specified in ISO 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. vsRisk, by Vigilant Software (an IT Governance sister company), is an information security risk assessment tool built around this process.
Given that the entire ISO27k approach is risk-aligned, identifying, evaluating and treating information risks is fundamental. The fourth edition of ISO/IEC 27005 is due to be published at about the same time as the next release of ISO/IEC 27002, followed by ISO/IEC 27001.