Exam ISO-IEC-27001-Lead-Implementer Topic 6 Question 166 Discussion
Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 166
Topic #: 6
Question:
Whom should an organization interview to obtain information regarding information security risks in their respective fields?
Suggested Answer: C
ISO/IEC 27001:2022 Clause 4.2 - Understanding the needs and expectations of interested parties states:
"The organization shall determine:
a) interested parties that are relevant to the ISMS;
b) the relevant requirements of these interested parties."
Risk identification must incorporate input from all relevant stakeholders, including but not limited to experts.
In fact, ISO/IEC 27005:2022 emphasizes stakeholder engagement in risk assessments to improve understanding of risk context and ensure comprehensive input.
by Eartha at Jun 14, 2025, 03:13 PM