GRC Engineering

ISO 27005

International standard providing guidelines for information security risk management, aligned with ISO 27001. The 2022 revision explicitly supports quantitative risk analysis, providing standards-body backing for FAIR-style dollar-denominated risk quantification.

From the library

The full analysis on ISO 27005.

The article is where the term meets the practitioner. Read how this concept actually shows up in audit, in remediation, and in the boardroom.

Read the analysis →

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.