Free GAQM ISO-27005-LRM Exam Questions

A multinational corporation is looking to maintain the agility of its information security risk management program in a rapidly changing global business environment. The risk manager is selecting tools to support this goal. Which tool would best support the agility of the risk management program?

A company in the "Do" phase of the PDCA cycle has implemented new security controls to mitigate identified risks. Which of the following is the most appropriate next step to ensure these controls are integrated effectively into the risk management program?

A financial institution is updating its risk management framework in response to emerging cyber threats. The risk manager is tasked with documenting the results of the updated risk assessment. What should be the focus of this documentation to enhance its usefulness for ongoing risk management?

An organization identifies a high inherent risk of data breaches in its customer database. Despite implementing strong encryption and access controls, the residual risk is still above the organization's risk appetite. What should be the next course of action?

A university is facing risks associated with the unauthorized disclosure of confidential research data. They are considering encrypting all research data, restricting data access to a few key researchers, regularly auditing data access, or a combination of these measures. Which option aligns best with ISO/IEC 27005's guidance on proportionate and effective risk treatment?