Question 26
Main Page
Your organization adopts the ISO 27005 framework. After identifying assets and vulnerabilities, what comes next in the workflow?
A. Create a risk register
B. Perform incident simulation
C. Conduct risk analysis
D. Assign risk ownership
Answer: C. Conduct risk analysis
ISO 27005 specifies risk analysis follows identification to assess likelihood and consequences, leading to prioritization.