ISO/IEC 27005 is part of a growing family of International Standards published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in the area of information security management systems (ISMS). This family of International Standards is often referred to as the 'ISO/IEC 27000 series'. Its full title is ISO/IEC 27005, Information technology — Security techniques — Information security risk management.
The purpose of ISO/IEC 27005 is to provide guidelines for information security risk management. It supports the general concepts specified in ISO/IEC 27001, in particular the requirement that an ISMS be built on a defined risk assessment and risk treatment process, and is designed to assist the satisfactory implementation of information security based on a risk management approach. It does not specify, recommend or even name any particular risk analysis method; what it does specify is a structured, systematic and rigorous process, from establishing the context and assessing risks (identification, analysis and evaluation) through to producing and maintaining the risk treatment plan, together with the accompanying activities of risk acceptance, risk communication, and monitoring and review.