PECB ISO-IEC-27001-Lead-Implementer Exam With Confidence Using Practice Dumps

 According to ISO/IEC 27001:2022, information security risk can be accepted as one of the four possible options for risk treatment, along with avoiding, modifying, or sharing the risk12. Risk acceptance means that the organization decides to tolerate the level of risk without taking any further action to reduce it3. Risk acceptance can be done before, during, or after the risk treatment process, depending on the organization’s risk criteria and the residual risk level4.

 1: ISO 27001 Risk Assessments | IT Governance UK 2: ISO 27001 Risk Assessment: 7 Step Guide - IT Governance UK Blog 3: ISO 27001 Clause 6.1.2 Information security risk assessment process 4: ISO 27001 Risk Assessment & Risk Treatment: The Complete Guide - Advisera

Annex A control A.8.26 Application security requirements mandates that security requirements must be identified, specified, and approved during the development or acquisition of applications.

“Information security requirements shall be identified, specified and approved when developing or acquiring applications.”

— ISO/IEC 27001:2022, Annex A, Control 8.26 Application security requirementsQuestion No. 22/80

What iS the purpose of ISO,'IEC 27002 clause 8ü8?

TO ensure all security requitements are addressed during application development

To ensure software is written securely to reduce information security vulnerabilities

To ensure secure system design principles are followed