ISO-IEC-27005-Risk-Manager Exam Dumps : PECB Certified ISO/IEC 27005 Risk Manager

According to ISO/IEC 27005, the input for selecting information security risk treatment options should include a list of prioritized risks along with the specific event or risk scenarios that led to those risks. This information helps decision-makers understand the context and potential impact of each risk, allowing them to choose the most appropriate treatment options. Option A is incorrect because the risk treatment plan and residual risks are outputs, not inputs, of the risk treatment process. Option C is incorrect because a list of risks with level values assigned provides limited context for selecting appropriate treatment options.

Security cameras and alarm systems are consideredtechnical controlsin the context of information security. Technical controls, also known as logical controls, involve the use of technology to protect information and information systems. These controls are designed to prevent or detect security breaches and mitigate risks related to physical access and surveillance. While security cameras and alarms are physical in nature, they fall under the broader category of technical controls because they involve electronic monitoring and alert systems. Option B (Managerial) refers to administrative policies and procedures, and option C (Legal) refers to controls related to compliance with laws and regulations, neither of which applies in this case.

Information security aims to protect information assets against threats and vulnerabilities that could lead to unauthorized access, disclosure, alteration, or destruction. By implementing effective security measures (such as access controls, encryption, and monitoring), an organization reduces the likelihood of vulnerabilities being exploited and mitigates the potential impact of risks. According to ISO/IEC 27005, risk management in information security includes identifying, assessing, and applying controls to reduce both the likelihood and impact of potential risks. Thus, option A is correct because it acknowledges the role of information security in reducing the impact of risks. Option B is incorrect because information security is a key component of risk management, and option C is incorrect because information security does not eliminate risks entirely; it mitigates their impact.