Scenario 1The risk assessment process was led by Henry, Bontton’s risk manager.

Question

Scenario 1The risk assessment process was led by Henry, Bontton’s risk manager. The first step that Henry took was identifying the company’s assets. Afterward, Henry created various potential incident scenarios. One of the main concerns regarding the use of the application was the possibility of being targeted by cyber attackers, as a great number of organizations were experiencing cyberattacks during that time. After analyzing the identified risks, Henry evaluated them and concluded that new controls must be implemented if the company wants to use the application. Among others, he stated that training should be provided to personnel regarding the use of the application and that awareness sessions should be conducted regarding the importance of protecting customers’ personal data.Lastly, Henry communicated the risk assessment results to the top management. They decided that the application will be used only after treating the identified risks.Based on scenario 1, Bontton used ISO/IEC 27005 to ensure effective implementation of all ISO/IEC 27001 requirements. Is this appropriate?

Accepted Answer

C. No, ISO/IEC27005 does not contain direct guidance on the implementation of all requirements given in ISO/IEC 27001

Answer

A. Yes,ISO/IEC 27005 provides direct guidance on the implementation of the requirements given in ISO/IEC 27001

Answer

B. Yes, ISO/IEC 27005 provides a number of methodologies that can be used under the risk management framework for implementing all requirements given in ISO/IEC 27001

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Exam ISO-IEC-27005-Risk-Manager All Questions

PECB ISO/IEC 27005 ISO-IEC-27005-Risk-Manager Question # 16 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts: