This international standard defines the vocabulary and the principles which must be respected by any risk management approach specific to information security.

> See the standard (paying)