Which standard prescribes a risk assessment to identify whether each control is required to decrease risks and, if so, to what extent it should be applied?
A. ISO 27001
B. ISO 27002
C. ISO 17799
D. HIPAA
E. ISO 9000
Explanation:
One Comment on “which extent it should be applied?”
http://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
https://www.sans.org/reading-room/whitepapers/basics/measuring-effectiveness-information-security-controls-33398