Free Preparation Discussions
MENU
PECB ISO-IEC-27005-Risk-Manager Exam - Topic 2 Question 19 Discussion
Topic #: 2
Scenario 8: Biotide is a pharmaceutical company that produces medication for treating different kinds of diseases. The company was founded in 1997, and since then it has contributed in solving some of the most challenging healthcare issues.
As a pharmaceutical company, Biotide operates in an environment associated with complex risks. As such, the company focuses on risk management strategies that ensure the effective management of risks to develop high-quality medication. With the large amount of sensitive information generated from the company, managing information security risks is certainly an important part of the overall risk management process. Biotide utilizes a publicly available methodology for conducting risk assessment related to information assets. This methodology helps Biotide to perform risk assessment by taking into account its objectives and mission. Following this method, the risk management process is organized into four activity areas, each of them involving a set of activities, as provided below.
1. Activity area 1: The organization determines the criteria against which the effects of a risk occurring can be evaluated. In addition, the impacts of risks are also defined.
2. Activity area 2: The purpose of the second activity area is to create information asset profiles. The organization identifies critical information assets, their owners, as well as the security requirements for those assets. After determining the security requirements, the organization prioritizes them. In addition, the organization identifies the systems that store, transmit, or process information.
3. Activity area 3: The organization identifies the areas of concern which initiates the risk identification process. In addition, the organization analyzes and determines the probability of the occurrence of possible threat scenarios.
4. Activity area 4: The organization identifies and evaluates the risks. In addition, the criteria specified in activity area 1 is reviewed and the consequences of the areas of concerns are evaluated. Lastly, the level of identified risks is determined.
The table below provides an example of how Biotide assesses the risks related to its information assets following this methodology:
According to the risk assessment methodology used by Biotide, what else should be performed during activity area 4? Refer to scenario 8.
According to ISO/IEC 27005, the output of the documentation of risk management processes should include detailed information about the results of the risk assessment and the chosen risk treatment options. This ensures transparency and provides a clear record of the decision-making process related to information security risk management. Therefore, option B is the correct answer.
Nada
2 months agoJess
2 months agoAlex
2 months agoFausto
3 months agoMabelle
3 months agoSharita
3 months agoRoselle
3 months agoSarah
4 months agoClarinda
4 months agoAn
4 months agoFrederick
4 months agoFranchesca
4 months agoAnnmarie
5 months agoHerschel
5 months agoApolonia
10 months agoValda
8 months agoElvis
8 months agoAsuncion
8 months agoAvery
10 months agoJettie
10 months agoDenise
9 months agoYen
9 months agoLoise
9 months agoRaina
10 months agoRomana
8 months agoLorita
9 months agoEugene
9 months agoKirk
10 months agoCharisse
9 months agoMerlyn
9 months agoJean
10 months agoJovita
10 months agoDeane
11 months agoCarin
11 months ago