PECB ISO-IEC-27005-Risk-Manager Exam With Confidence Using Practice Dumps

According to ISO/IEC 27005, the output of the documentation of risk management processes should include detailed information about the results of the risk assessment and the chosen risk treatment options. This ensures transparency and provides a clear record of the decision-making process related to information security risk management. Therefore, option B is the correct answer.

Top of Form

Bottom of Form

According to ISO/IEC 27005, the input for selecting information security risk treatment options should include a list of prioritized risks along with the specific event or risk scenarios that led to those risks. This information helps decision-makers understand the context and potential impact of each risk, allowing them to choose the most appropriate treatment options. Option A is incorrect because the risk treatment plan and residual risks are outputs, not inputs, of the risk treatment process. Option C is incorrect because a list of risks with level values assigned provides limited context for selecting appropriate treatment options.

Based on the NIST Risk Management Framework (RMF), the last step of the risk management process is "Monitoring Security Controls." This step involves continuously tracking the effectiveness of the implemented security controls, ensuring they remain effective against identified risks, and adapting them to any changes in the threat landscape. Option A correctly identifies the final step.