ISO/IEC 27005 and 27014 revisions

The study period researching the possibility of revising ISO/IEC 27005 on 'information security risk' has resolved to limit the scope of the revised standard primarily to supporting and expanding on sections 6 and 8 of ISO/IEC 27001:2013, with some consideration of other standards including ISO 31000.

An outline/skeleton document structure has been developed as part of the design specification, although it is hard even to assess it without the corresponding content. It is likely to change as the project proceeds. It was agreed to request a further 6 months to prepare a more complete draft standard before proposing a new work item.

The study period considering the revision of ISO/IEC 27014 is proposing various improvements to make the standard more generally applicable and useful.