(ISO: Geneva) -- Organizations of all types are very concerned by threats that could compromise their information security, and managing this aspect has become a primary concern for their information-technology (IT) departments. The new international standard ISO/IEC 27005, which describes the information-security risk-management process and associated actions, will help them to manage risks.
Threats may be deliberate or accidental, and may relate either to the use and application of IT systems or to IT's physical and environmental aspects. These threats may take any form, from identity theft, risks of doing business on-line, denial-of-service attacks, remote spying, and theft of equipment or documents to a seismic or climatic phenomenon, fire, floods, or pandemic problems. These threats may result in various business impacts, ranging from financial loss or damage, loss of essential network services, and loss of customer confidence through to loss of power supply or failure of telecommunication equipment.
A risk is a combination of the consequences that would follow from the occurrence of an unwanted event and the likelihood of the occurrence of the event.
…