Exam ISO-IEC-27001-Foundation Topic 1 Question 31 Discussion
Actual exam question for APMG-International's ISO-IEC-27001-Foundation exam
Question #: 31
Topic #: 1
Question #: 31
Topic #: 1
Which activity is a required element of information security risk identification?
Suggested Answer: A Vote an answer
Clause 6.1.2 defines the mandatory elements of risk assessment. Under risk identification, the standard requires: "identifies the information security risks:1) apply the information security risk assessment process to identify risks...; and2) identify the risk owners." By contrast, considering likelihood and determining levels of risk (options B and D) are part ofrisk analysis(6.1.2 d) "assess the realistic likelihood...";
"determine the levels of risk"), and prioritization for treatment (option C) is part ofrisk evaluation(6.1.2 e)
"prioritize the analysed risks for risk treatment"). Therefore, the specific activity that belongs torisk identificationis toidentify the risk owners. This sequencing is prescribed to ensure each risk has a designated owner responsible for decisions on treatment and acceptance downstream.
"determine the levels of risk"), and prioritization for treatment (option C) is part ofrisk evaluation(6.1.2 e)
"prioritize the analysed risks for risk treatment"). Therefore, the specific activity that belongs torisk identificationis toidentify the risk owners. This sequencing is prescribed to ensure each risk has a designated owner responsible for decisions on treatment and acceptance downstream.
by Deborah at May 14, 2026, 07:17 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).