Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which standard provides a model for information security risk management?

  1. ISO/IEC 27001

  2. ISO/IEC 27002

  3. ISO/IEC 27005

  4. ISO/IEC 27018

The correct answer is: ISO/IEC 27005

The correct choice is ISO/IEC 27005, the member of the ISO/IEC 27000 family that is dedicated to information security risk management. The family as a whole guides organizations in establishing and operating an information security management system (ISMS); ISO/IEC 27005 supplies the guidance for the risk management process within that system. It describes how to establish the risk context, identify risks, analyse them (likelihood and impact), evaluate them against the organization's risk acceptance criteria, select risk treatment options (modify, retain, avoid, or share the risk), and then monitor and review the results. This structured approach lets an organization prioritize its security effort and spending according to the risks it actually faces, which is also the basis on which an incident handler justifies response priorities.

The other options serve different purposes. ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS, and is the standard an organization is certified against; it requires that risk assessment and treatment be performed, but does not describe the process in detail. ISO/IEC 27002 is a catalogue of information security controls with implementation guidance, used when selecting and implementing the controls that treat identified risks. ISO/IEC 27018 is a code of practice for protecting personally identifiable information (PII) in public clouds acting as PII processors. All of these contribute to a complete information security framework, but only ISO/IEC 27005 is specifically devoted to risk management.