2023/10/09 15:33:21

GOST R ISO/IEC 27005 Information Security, Cybersecurity and Privacy Protection. Information Security Risk Management Guide

GOST R ISO/IEC 27005 "Information Security, Cybersecurity and Privacy Protection. Information Security Risk Management Guide. Requirements and Guidelines"

A draft of a new version of GOST on information security risk management has been published

On October 5, 2023, the Executive Secretary of Technical Committee TK 362 ("Information Protection") sent a request to the committee members to prepare a review of the new version of the GOST R ISO/IEC 27005 standard "Information Security, Cybersecurity and Privacy Protection. Information Security Risk Management Guide. Requirements and Guidelines." The committee members are expected to submit their comments on the new text of the standard, which is published on the FSTEC website, by October 20.

FSTEC has published a draft of a new version of GOST R ISO/IEC 27005, the guide to information security risk management.

In fact, the GOST R ISO/IEC 27005 standard has already been adopted in Russia and has been in effect since December 2011. It belongs to the so-called 27000 series of international standards, which is devoted to managing information security risks. That edition was a translation of the international standard ISO/IEC 27005:2008 "Information technology - Security techniques - Information security risk management," prepared at the time by NPF Kristall LLC and FGU GNII PTZI FSTEC Russia on the basis of an authentic translation. Structurally, it supports the general concepts defined in GOST R ISO/IEC 27001 and is intended to help build an information security management system (ISMS) around an information security risk management approach.

The current translation is based on the updated international standard ISO/IEC 27005:2022, which ISO adopted recently. This time, however, the translation was carried out by the National Research University MIET, specifically: head of development Vladislav Alexandrovich Voevodin, Ph.D., associate professor; responsible developer Dmitry Sergeyevich Burenok, second-year graduate student of the MIET Department of Information Security. Earlier, in the summer, the committee also reviewed the update of the base standard ISO/IEC 27001:2022, translated by the Russian Register association, which revised the basic requirements for the risk management system.

The explanatory note to the draft GOST R ISO/IEC 27005 standard states that "compared to the previous version, the risk management process is carried out in 5 stages instead of 6 (revised approach to risk acceptance), 2 new items were added in terms of risk management documentation, all risk management actions were mapped to the triggers upon which these actions should be carried out, the 6 appendices of the previous version of the standard were replaced by 1 integrated appendix in the new one, the item structure was also changed in accordance with the ISO/IEC 27001 structure, and the terminology was adapted taking into account ISO 31000:2018."