Exam ISO-IEC-27005-Risk-Manager Topic 1 Question 58 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam
Question #: 58
Topic #: 1
Which of the following statements best defines information security risk?

Suggested Answer: A Vote an answer

Information security risk, as defined by ISO/IEC 27005, is "the potential that a threat will exploit a vulnerability of an asset or group of assets and thereby cause harm to the organization." This definition emphasizes the interplay between threats (e.g., cyber attackers, natural disasters), vulnerabilities (e.g., weaknesses in software, inadequate security controls), and the potential impact or harm that could result from this exploitation. Therefore, option A is the most comprehensive and accurate description of information security risk. In contrast, option B describes a vulnerability, and option C focuses on the cause of an incident rather than defining risk itself. Option A aligns directly with the risk definition in ISO/IEC 27005.

by Carl at Jun 05, 2025, 04:57 AM

Limited Time Offer

15%

Off

Get Premium ISO-IEC-27005-Risk-Manager Questions as Interactive Self Test Engine or PDF

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
0
0
0
10