Certified Chief Information Security Officer (CCISO) — Question 27
Which of the following international standards can be BEST used to define a Risk Management process in an organization?
Answer options
- A. International Organization for Standardization - 27005 (ISO-27005)
- B. National Institute for Standards and Technology 800-50 (NIST 800-50)
- C. Payment Card Industry Data Security Standards (PCI-DSS)
- D. International Organization for Standardization - 27004 (ISO-27004)
Correct answer: A
Explanation
The correct answer is A, ISO-27005, which specifically focuses on risk management in the information security context. Options B and D, although they are also recognized standards, do not primarily address risk management processes, and option C, PCI-DSS, is designed for payment card data security rather than general risk management.