In the left column the generic phases coined by [7] are listed with their equivalent from the ISO 27005 standard in the middle column. [7] have also listed expected outputs for each of the phases, which can be found in the right column. Based on this process model we’ll discuss possible applications of the metamodel in order to support information security managers in their tasks.