Certified Cloud Security Professional (CCSP) — Question 117

Which of the following is not a risk management framework?

Answer options

• A. COBIT
• B. Hex GBL
• C. ISO 31000:2009
• D. NIST SP 800-37

Correct answer: B

Explanation

The correct answer is B, Hex GBL, as it is not recognized as a risk management framework. In contrast, COBIT, ISO 31000:2009, and NIST SP 800-37 are all established frameworks that guide organizations in managing risks effectively.