Question 32
Main Page
Your team is evaluating threats. According to ISO 27005, what is the role of threat identification?
A. Establish the organization’s risk appetite
B. Determine cost of breach mitigation
C. Understand what events may exploit vulnerabilities
D. Develop encryption algorithms
Answer: C. Understand what events may exploit vulnerabilities
Threat identification helps determine possible sources of risk and how they could compromise asset confidentiality, integrity, or availability.