Which ISO framework specifically provides guidelines for the management of security risk?

Prepare for the WGU ITEC2114 D337 Internet of Things (IoT) and Infrastructure exam. Engage with flashcards and multiple choice questions, each with hints and explanations. Get set for your test!

ISO 27005 is specifically designed to provide guidelines for information security risk management. It supports organizations in establishing effective processes for managing the risks related to information security. The framework outlines a risk management process that includes risk identification, assessment, response planning, and monitoring, which is crucial for maintaining security in today’s information-rich environments.

In contrast, ISO 9001 focuses on quality management systems and is not directly related to security risk. ISO/IEC 27552 pertains to privacy and data protection guidelines rather than specifically managing security risk. ISO/IEC 27002 offers best practices for implementing security controls but does not focus solely on the risk management process. Each of these frameworks serves a different but important function within an organization, but for the specific purpose of managing security risk, ISO 27005 is the appropriate framework to reference.
