Step 1: Definition of ISO 27000
ISO 27000 is the international series of standards for information security management systems (ISMS), published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The series provides a framework for protecting sensitive information through policies, controls, and risk management practices; ISO/IEC 27000 itself is the overview and vocabulary document for the family.

Step 2: Why Option B Is Correct
ISO 27001, the core standard of the ISO 27000 series, specifies the requirements for an ISMS and is one of the most widely recognized standards against which organizations are certified for information security governance. It requires a documented information security risk assessment and risk treatment process, and its Annex A controls cover areas such as incident management and the protection of information.

Step 3: Why the Other Options Are Incorrect
Option A ("ESG investing")
Incorrect because ISO 27000 deals with information security, not environmental, social, and governance (ESG) issues.
Option C ("International Risk Management")
Incorrect because ISO 27000 focuses on information security risk, not general or enterprise risk management (the domain of standards such as ISO 31000).
Option D ("Auditing of financial controls")
Incorrect because financial control and audit frameworks (e.g., SOX, COSO) are separate from information security standards.

PRMIA Risk References Used:
ISO 27000 Series Documentation – Defines information security risk management practices.
PRMIA IT Risk Governance Framework – References ISO 27001 as a cybersecurity standard.