ISO-IEC-27005-Risk-Manager Exam Dumps : PECB Certified ISO/IEC 27005 Risk Manager

According to ISO/IEC 27000, information security is defined as the "preservation of confidentiality, integrity, and availability of information." This definition highlights the three core principles of information security:

Confidentialityensures that information is not disclosed to unauthorized individuals or systems.

Integrityensures the accuracy and completeness of information and its processing methods.

Availabilityensures that authorized users have access to information and associated assets when required.

This definition encompasses the protection of information in all forms and aligns with ISO/IEC 27005’s guidelines on managing information security risks. Therefore, option A is the correct answer. Options B and C are incorrect as they refer to more specific aspects or other areas of information management.

Based on the NIST Risk Management Framework (RMF), the last step of the risk management process is "Monitoring Security Controls." This step involves continuously tracking the effectiveness of the implemented security controls, ensuring they remain effective against identified risks, and adapting them to any changes in the threat landscape. Option A correctly identifies the final step.

According to ISO/IEC 27005, the output of the documentation of risk management processes should include detailed information about the results of the risk assessment and the chosen risk treatment options. This ensures transparency and provides a clear record of the decision-making process related to information security risk management. Therefore, option B is the correct answer.

Top of Form

Bottom of Form