Question 77
The CISO decides to document all critical risk assumptions and boundaries before analysis. What step is this aligned with in ISO 27005?
A. Risk treatment
B. Risk communication
C. Context establishment
D. Residual risk scoring
Answer: C. Context establishment
Context must be defined early to ensure that the scope, assets, constraints, and criteria are understood during risk evaluation.