
PECB ISO-IEC-27005-Risk-Manager Exam - Topic 4 Question 26 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam
Question #: 26
Topic #: 4

Scenario 1

The risk assessment process was led by Henry, Bontton's risk manager. The first step that Henry took was identifying the company's assets. Afterward, Henry created various potential incident scenarios. One of the main concerns regarding the use of the application was the possibility of being targeted by cyber attackers, as a great number of organizations were experiencing cyberattacks during that time. After analyzing the identified risks, Henry evaluated them and concluded that new controls must be implemented if the company wants to use the application. Among others, he stated that training should be provided to personnel regarding the use of the application and that awareness sessions should be conducted regarding the importance of protecting customers' personal data.

Lastly, Henry communicated the risk assessment results to the top management. They decided that the application will be used only after treating the identified risks.

Based on scenario 1, Bontton used ISO/IEC 27005 to ensure effective implementation of all ISO/IEC 27001 requirements. Is this appropriate?

Suggested Answer: C

ISO/IEC 27005 is an international standard specifically focused on providing guidelines for information security risk management within the context of an organization's overall Information Security Management System (ISMS). It does not provide direct guidance on implementing the specific requirements of ISO/IEC 27001, which is a standard for establishing, implementing, maintaining, and continually improving an ISMS. Instead, ISO/IEC 27005 provides a framework for managing risks that could affect the confidentiality, integrity, and availability of information assets. Therefore, while ISO/IEC 27005 supports the risk management process that is crucial for compliance with ISO/IEC 27001, it does not contain specific guidelines or methodologies for implementing all the requirements of ISO/IEC 27001. This makes option C the correct answer.


This is consistent with ISO/IEC 27005:2018, 'Information Security Risk Management,' which provides risk management guidance rather than guidance on implementing the ISO/IEC 27001 requirements directly.

It is also consistent with ISO/IEC 27001:2013, Clause 6.1.2, 'Information Security Risk Assessment,' which sets out what the risk assessment and risk treatment options must achieve without prescribing the methodology that ISO/IEC 27005 describes.

Contribute your Thoughts:

Vernell
24 hours ago
I agree; it helps with implementing ISO/IEC 27001 requirements.
upvoted 0 times
Carole
6 days ago
ISO/IEC 27005 is definitely useful for risk management!
upvoted 0 times
Laticia
11 days ago
I recall that ISO/IEC 27005 supports the risk management process, but I can't quite remember if it directly addresses all the requirements of ISO/IEC 27001. This is tricky!
upvoted 0 times
Mozell
16 days ago
I feel like I might have seen something that said ISO/IEC 27005 doesn't cover all the implementation details for ISO/IEC 27001. So, I’m leaning towards option C.
upvoted 0 times
Winfred
22 days ago
I think I came across a practice question that mentioned ISO/IEC 27005 providing methodologies for risk management. That makes me lean towards option B.
upvoted 0 times
Cherri
27 days ago
I remember studying that ISO/IEC 27005 is really about risk management, but I'm not sure if it directly guides all ISO/IEC 27001 requirements.
upvoted 0 times