Question 69
Main Page
What does ISO 27005 define as a requirement before risk identification begins?
A. Completion of staff training
B. Communication of breach response
C. Establishing context
D. Implementing controls
Answer: C. Establishing context
ISO 27005 requires defining the scope, assets, and conditions first—this ensures relevance in the subsequent risk activities.