3 votes
Which international standard provides a structured methodology for evaluating threats to economic performance in an organization and was developed using the Australian/New Zealand standard AS/NZS 4360:2004 as a foundation?

1 Answer

2 votes

Answer: The ISO 27005 Standard for InfoSec Risk Management has a five-stage management methodology that includes risk treatment and risk communication.

Explanation: ISO 27005 provides standards for risk management, the process of identifying and mitigating threats to your network and its assets. This particular standard is applicable to organizations of all sizes and in all industries. The term methodology means an organized set of principles and rules that drive action in a particular field of knowledge. A methodology does not describe specific methods; nevertheless it does specify several processes that need to be followed. These processes constitute a generic framework. They may be broken down into sub-processes, they may be combined, or their sequence may change. However, any risk management exercise must carry out these processes in one form or another; the following document compares the processes foreseen by three leading standards (ISO 27005, NIST SP 800-30 & OCTAVE).

by User George Cscnt (5.9k points)