Exam ISO-IEC-27001-Lead-Auditor Topic 2 Question 257 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 257
Topic #: 2
A marketing agency has developed its risk assessment approach as part of the ISMS implementation. Is this acceptable?

Suggested Answer: A Vote an answer

Comprehensive and Detailed In-Depth
ISO/IEC 27001 does not prescribe a specific risk assessment methodology but instead provides general requirements for risk assessment. Organizations are free to develop their own risk assessment methods, as long as they:
Identify risks and impacts on information security.
Define risk criteria for evaluating risks.
Implement risk treatment plans based on the organization's context.
A . Correct Answer:
ISO/IEC 27001 Clause 6.1.2 (Information Security Risk Assessment) states that organizations may define their own risk assessment methodology.
This approach must be systematic, measurable, and aligned with business objectives.
B . Incorrect:
Organizations are not required to use a recognized methodology like OCTAVE, MEHARI, or EBIOS, as long as their approach meets ISO requirements.
C . Incorrect:
ISO/IEC 27001 does not mandate a specific risk assessment method, only that a consistent and structured approach is used.
Relevant Standard Reference:
ISO/IEC 27001:2022 Clause 6.1.2 (Information Security Risk Assessment Process)

by Martina at Jul 07, 2026, 04:39 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어