PECB Exam ISO-IEC-27005-Risk-Manager Topic 1 Question 10 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam
Question #: 10
Topic #: 1

Scenario 1

The risk assessment process was led by Henry, Bontton's risk manager. The first step that Henry took was identifying the company's assets. Afterward, Henry created various potential incident scenarios. One of the main concerns regarding the use of the application was the possibility of being targeted by cyber attackers, as a great number of organizations were experiencing cyberattacks during that time. After analyzing the identified risks, Henry evaluated them and concluded that new controls must be implemented if the company wants to use the application. Among others, he stated that training should be provided to personnel regarding the use of the application and that awareness sessions should be conducted regarding the importance of protecting customers' personal data.

Lastly, Henry communicated the risk assessment results to the top management. They decided that the application will be used only after treating the identified risks.

Based on the scenario above, answer the following question:

Bontton established a risk management process based on ISO/IEC 27005, to systematically manage information security threats. Is this a good practice?

Suggested Answer: C

The information security risk assessment process, as outlined in ISO/IEC 27005, typically includes identifying risks, assessing their potential impact, and prioritizing them. However, selecting risk treatment options is not part of the risk assessment process itself; it is part of the subsequent risk treatment phase. Therefore, option C is the correct answer as it is not included in the risk assessment process.


Contribute your Thoughts:

Patti
27 days ago
Wait, Bontton is in the food sector? Oh man, they're gonna need more than just ISO/IEC 27005 to protect their customers' data. Better call in the cybersecurity chefs!
upvoted 0 times
Eva
28 days ago
I'm not so sure. Doesn't ISO/IEC 27005 only apply to the IT sector? I'm not convinced it's the right framework for a company in the food industry.
upvoted 0 times
Mignon
29 days ago
I agree, following ISO/IEC 27005 is a best practice. It helps organizations like Bontton stay ahead of the curve when it comes to cybersecurity.
upvoted 0 times
Jacquelyne
4 days ago
B) Yes, ISO/IEC 27005 provides guidelines to systematically manage all types of threats that organizations may face
upvoted 0 times
Jacinta
6 days ago
A) Yes, ISO/IEC 27005 provides guidelines for information security risk management that enable organizations to systematically manage information security threats
upvoted 0 times
Alecia
1 month ago
ISO/IEC 27005 is definitely the way to go for managing information security risks. It provides a structured approach to identifying, analyzing, and treating those threats.
upvoted 0 times
Karl
2 days ago
B) Yes, ISO/IEC 27005 provides guidelines to systematically manage all types of threats that organizations may face
upvoted 0 times
Virgilio
11 days ago
ISO/IEC 27005 is a great framework for managing information security risks.
upvoted 0 times
Jody
23 days ago
A) Yes, ISO/IEC 27005 provides guidelines for information security risk management that enable organizations to systematically manage information security threats
upvoted 0 times
Nana
2 months ago
I think it's important to have a systematic approach to managing information security threats, so I also believe that using ISO/IEC 27005 is a good practice.
upvoted 0 times
Horace
2 months ago
I agree with Ellsworth. Using ISO/IEC 27005 for information security risk management is a good practice.
upvoted 0 times
Ellsworth
2 months ago
A) Yes, ISO/IEC 27005 provides guidelines for information security risk management that enable organizations to systematically manage information security threats.
upvoted 0 times