Question 13
Main Page
Your organization follows ISO 27005. What must happen immediately after the identification of risks?
A. Implement access controls
B. Evaluate third-party vendors
C. Perform risk analysis
D. Accept all low-level risks
Answer: C. Perform risk analysis
According to ISO 27005, risk analysis follows identification and evaluates consequences and likelihood.