Comprehensive and Detailed Explanation
===========
According to EC-Council CCISO documentation, ISO/IEC 27005 is the international standard that provides a formal framework for information security risk management.
ISO 27005 supports ISO 27001 by defining structured processes for risk identification, analysis, evaluation, treatment, monitoring, and communication. CCISO materials highlight ISO 27005 as the preferred risk management standard for organizations implementing or operating an ISMS.
An ISMS (Option A) is a management system, not a risk framework. COBIT (Option B) focuses on IT governance. NIST (Option C) is an organization that publishes frameworks, not a single risk standard.
Therefore, Option D is correct.