International Standards and Conformity Assessment for all electrical, electronic and related technologies

News release – 2018 Number 05

Reducing the risks of information security breaches with ISO/IEC 27005

New legislation puts organizations under even greater pressure to ensure their information is secure


Geneva, Switzerland, 2018-07-16 – In our hyper-connected, technology-driven world, data breaches and cyber-attacks remain a significant threat to organizations, and a lack of awareness of the risks is often to blame. A newly revised Standard will help.



Protecting the security of a company’s information – whether it be commercially sensitive or the personal details of their clients – has never been more under the spotlight.


New legislation such as the European GDPR means organizations are under even greater pressure to ensure their information is secure. But having the most appropriate technologies and processes can be a minefield.


The newly revised ISO/IEC 27005:2018, Information technology – Security techniques – Information security risk management, provides guidance for organizations on how to wade through it all by providing a framework for effectively managing the risks.


Complementary to ISO/IEC 27001:2013, which specifies the requirements for an information security management system (ISMS), ISO/IEC 27005 has recently been updated to reflect the current version of ISO/IEC 27001 and thus ensure it is best equipped to meet the demands of today’s organizations. It provides detailed risk management guidance to help organizations meet the related requirements specified in ISO/IEC 27001.


Edward Humphreys, Convener of the ISO/IEC working group that developed both ISO/IEC 27001 and ISO/IEC 27005, said the Standard is a key tool in the ISO/IEC ‘cyber-risk toolbox’.


“ISO/IEC 27005 provides the ‘why, what and how’ for organizations to be able to manage their information security risks effectively in compliance with ISO/IEC 27001,” he said. “It also helps to demonstrate to an organization’s customers or stakeholders that robust risk processes are in place, giving them confidence that they are good to do business with.”


ISO/IEC 27005 is one of more than a dozen Standards in the ISO/IEC 27000 series that make up the cyber-risk toolkit, led by the flagship ISO/IEC 27001, Information technology – Security techniques – Information security management systems – Requirements. Others in the series include those for protecting information in the cloud, information security in the telecoms and utility sectors, cybersecurity, ISMS auditing and more.


ISO/IEC 27005 was developed by working group 1, Information security management systems, of joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT Security techniques. It is available from your national IEC member or the IEC webstore.

About IEC

The IEC (International Electrotechnical Commission) is the world’s leading organization that prepares and publishes globally relevant International Standards for all electric and electronic devices and systems. It brings together 171 countries; 85 are Members (National Committees) and 86 are Affiliates, developing countries that benefit from IEC work without the burden of membership.

Together they represent more than 99% of the world population and world electricity generation. More than 20 000 experts cooperate on the global IEC platform and many more in each member country.

They ensure that products work everywhere safely and efficiently with each other. The IEC also supports all forms of conformity assessment and administers four Conformity Assessment Systems that certify that components, equipment and systems used in homes, offices, healthcare facilities, public spaces, transportation, manufacturing, explosive environments and during energy generation conform to them.

IEC work covers a vast range of technologies: power generation (including all renewable energy sources), transmission, distribution, Smart Grid & Smart Cities, batteries, home appliances, office and medical equipment, all public and private transportation, semiconductors, fibre optics, nanotechnology, multimedia, information technology, and more. It also addresses safety, EMC, performance and the environment.


Media contact:

Gabriela Ehrlich
Tel: +41 22 919 02 78
Mob: +41 79 600 56 72
Skype: gabriela.ehrlich
