|Year of Declaration|2009|
|Number of Pages|55|
Provides guidelines for information security risk management. This standard supports the general concepts in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. Knowledge of the concepts, models, processes, and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of this International Standard. This standard is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization's information security.