Certified Network Defender (CND) — Question 138

Management wants to bring their organization into compliance with the ISO standard for information security risk management. Which ISO standard will management decide to implement?

Answer options

Correct answer: A

Explanation

The correct answer is A, ISO/IEC 27005, because it specifically provides guidelines for information security risk management. The other options, while related to information security, focus on different aspects: auditing (ISO/IEC 27006), controls (ISO/IEC 27002), and measurement (ISO/IEC 27004). None of these directly pertains to risk management.