ISO 27001 - Information Security Management System (ISMS)
ISO/IEC 27001 is the international standard for information security management systems (ISMS). It specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS, including the assessment and treatment of information security risks.
Summary: ISO/IEC 27005 is the international standard for information security risk management. It describes the process of risk identification, analysis, evaluation, treatment and communication as part of an ISMS that follows ISO/IEC 27001. ISO 27005 is a methodological guide, not a certifiable standard: organizations are certified against ISO 27001, while ISO 27005 describes how the risk assessment and risk treatment that ISO 27001 requires can be carried out in a structured manner.
About the Author
Dipl.-Math. (WWU Münster) and doctoral candidate at the Promotionskolleg NRW (Hochschule Rhein-Waal) with a research focus on phishing awareness, behavioral security and nudging in IT security. Responsible for building and maintaining ISMSs, leads internal audits according to ISO/IEC 27001:2022 and advises as an external information security officer (ISB) in KRITIS sectors. Lecturer in Communication Security at Hochschule Rhein-Waal and NIS2 training lead at isits AG.
3 Publications
- Different Seas, Different Phishes - Large-Scale Analysis of Phishing Simulations Across Different Industries (2025)
- Self-promotion with a Chance of Warnings: Exploring Cybersecurity Communication Among Government Institutions on LinkedIn (2024)
- Exploring the Effects of Cybersecurity Awareness and Decision-Making Under Risk (2024)