PECB Lead Implementer (ISO/IEC 27001) — Question 33
What should TradeB do in order to deal with residual risks? Refer to scenario 4.
Answer options
- A. TradeB should evaluate, calculate, and document the value of risk reduction following risk treatment
- B. TradeB should immediately implement new controls to treat all residual risks
- C. TradeB should accept the residual risks only above the acceptance level
Correct answer: A
Explanation
The correct answer, A, emphasizes the importance of evaluating and documenting risk reduction efforts after treatment, which is essential for effective risk management. Option B is incorrect because implementing new controls for all residual risks may not be practical or necessary. Option C is also wrong, as it suggests accepting risks only above a certain level, which does not align with a thorough risk management strategy.