Please look through the following website:
ISO 27005 was designed to provide guidelines on Information Security Risk Management. It supports the implementation of an ISMS based on ISO 27001 & ISO 27002 from a risk management perspective or approach.
ISO 31000, on the other hand, was designed to provide guidelines on the management of risks, be it strategic risk, credit risk, financial risk, operational risk, information security risk and all other risks you can think of. It is general and not tied to a particular risk. It talks about frameworks for the management of general risk.
So, the difference here is: ISO 27005 is specifically for managing Information Security risks, while ISO 31000 is general to all types of risks.
Both are guidelines for risk management, but
ISO 27005 is the guideline for risk management evaluation and implementation as per the requirements of the ISO 27001 standard, which is the Information Security Management System.
On the other hand, ISO 31000 is the guideline for designing, implementing and maintaining risk management throughout the organization, and it emphasizes ERM (Enterprise Risk Management). The scope of this approach to risk management is to enable all strategic, management and operational tasks of an organization throughout projects, functions, and processes to be aligned to a common set of risk management objectives.