
What is ISO/IEC 27105:2019?

ISO/IEC 27105:2019 is an important international standard that provides organizations with guidelines for managing cybersecurity risks. It is designed to help organizations identify and evaluate potential risks, develop effective risk management strategies, and implement appropriate controls to mitigate those risks.

ISO/IEC 27105:2019 describes a systematic approach that focuses on understanding the business context, identifying assets, assessing the impacts and likelihood of threats and vulnerabilities, and implementing appropriate controls to mitigate risks. It provides a comprehensive guide for organizations on how to assess and manage cybersecurity risks. Its key components are:

1. Understanding the Business Context: ISO/IEC 27105:2019 emphasizes the importance of understanding the business context when it comes to cybersecurity risk management. It encourages organizations to identify their unique needs and challenges, as well as their goals and objectives.

2. Identifying Assets: The standard encourages organizations to identify the assets that are critical to their business operations, such as data, systems, and networks.

3. Assessing the Impacts and Likelihood of Threats and Vulnerabilities: ISO/IEC 27105:2019 provides guidelines for organizations to assess the impacts and likelihood of threats and vulnerabilities. It encourages organizations to use a risk-based approach, which takes into account the likelihood and impact of each potential threat or vulnerability.

4. Implementing Appropriate Controls: The standard provides guidance for organizations on how to implement appropriate controls to mitigate the risks identified in step three. It encourages organizations to consider the overall risk management strategy when choosing controls, and to regularly review and update those controls as necessary.

In conclusion, ISO/IEC 27105:2019 is an important international standard that provides organizations with guidelines for managing cybersecurity risks. By understanding the business context, identifying assets, assessing the impacts and likelihood of threats and vulnerabilities, and implementing appropriate controls, organizations can effectively manage cybersecurity risks and protect their assets.
