PECB Exam ISO-IEC-27005-Risk-Manager Topic 1 Question 7 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam

Question #: 7
Topic #: 1

[All ISO-IEC-27005-Risk-Manager Questions]

According to ISO/IEC 27005, what is the output of the documentation of risk management processes?

AKnowledge on the information security risk assessment and treatment processes in accordance with clauses 7 and 8 of the standard

BDocumented information about the information security risk assessment and treatment results

CDocumented information that is necessary for the effectiveness of the information security risk assessment or risk treatment processes

Show Suggested Answer

Suggested Answer: B

According to ISO/IEC 27005, the output of the documentation of risk management processes should include detailed information about the results of the risk assessment and the chosen risk treatment options. This ensures transparency and provides a clear record of the decision-making process related to information security risk management. Therefore, option B is the correct answer.

by Glenn at Sep 16, 2024, 09:46 PM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27005-Risk-Manager Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Barbra

2 months ago

Who needs documentation when you can just wing it? But in all seriousness, B is the way to go.

upvoted 0 times

Hyun

25 days ago

User 3: Hyun is right, B) Documented information about the information security risk assessment and treatment results is crucial.

upvoted 0 times

...

Hollis

28 days ago

User 2: Hollis, documentation is important for consistency and accountability.

upvoted 0 times

...

Colton

1 months ago

User 1: Who needs documentation when you can just wing it?

upvoted 0 times

...

Brett

2 months ago

Ah, the age-old debate of 'what does the standard really mean?' I'm going with B, just to play it safe.

upvoted 0 times

Dierdre

1 months ago

I'm not sure, but I'll go with B too.

upvoted 0 times

...

Sanda

1 months ago

I agree, it seems like the safest option.

upvoted 0 times

...

Lucy

2 months ago

I think the output is B) Documented information about the information security risk assessment and treatment results.

upvoted 0 times

...

Stephanie

2 months ago

I believe it's knowledge on the risk assessment and treatment processes in accordance with the standard clauses.

upvoted 0 times

...

Joanna

2 months ago

Option C looks tempting, but I'm not sure it fully covers the requirement for documenting the actual risk assessment and treatment results. I'd go with B.

upvoted 0 times

Edelmira

2 months ago

True, but B specifically mentions documenting the results.

upvoted 0 times

...

Tasia

2 months ago

But C mentions the effectiveness of the risk assessment processes.

upvoted 0 times

...

Myra

2 months ago

I agree, B seems to provide the necessary documentation.

upvoted 0 times

...

Dalene

2 months ago

I think B is the best choice here.

upvoted 0 times

...

Royal

3 months ago

I agree with Shannan. It's important to have documented information for the effectiveness of the risk assessment processes.

upvoted 0 times

...

Danica

3 months ago

I agree with Helaine. Option B seems to be the most comprehensive answer that captures the output of the risk management processes.

upvoted 0 times

Jovita

2 months ago

Option B it is then, documented information about the assessment and treatment results.

upvoted 0 times

...

Shawna

2 months ago

I agree, it covers the documentation of risk management processes.

upvoted 0 times

...

Merrilee

2 months ago

I think option B is the best choice.

upvoted 0 times

...

Helaine

3 months ago

I think the correct answer is B. It's important to have the risk assessment and treatment results documented for future reference and compliance purposes.

upvoted 0 times