What type of process is risk management?

What type of process is risk management?
A . Ongoing, which allows organizations to monitor risk and keep it at an acceptable level
B . Iterative, which is conducted simultaneously with internal audits to ensure the effectiveness of an organization’s operations
C . Ongoing, which must be conducted annually and be consistent with the selection of security controls

Answer: A

Explanation:

Risk management is an ongoing process that involves continuous monitoring, assessment, and mitigation of risks to ensure that they remain within acceptable levels. According to ISO/IEC 27005, risk management is not a one-time activity but a continuous cycle that includes risk identification, risk analysis, risk evaluation, and risk treatment. The process must be regularly reviewed and updated to respond to changes in the organization’s environment, technological landscape, or operational conditions. Option A correctly identifies risk management as an ongoing process. Options B and C are incorrect; risk management is not limited to being conducted simultaneously with internal audits (B), nor is it required to be conducted annually (C).

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments