Understanding Cisco Cybersecurity Fundamentals (SECFND, legacy) — Question 33

Which international standard is for general risk management, including the principles and guidelines for managing risk?

Answer options

Correct answer: C

Explanation

ISO 31000 is the correct answer as it specifically addresses principles and guidelines for effective risk management. ISO 27001 focuses on information security management systems, ISO 27005 deals with information security risk management, and ISO 27002 provides guidelines for information security controls, making them less relevant to general risk management.