Which two of the following statements are true?
You have just completed a scheduled information security audit of your organisation when the IT Manager approaches you and asks for your assistance in the revision of the company's risk management process.
He is attempting to update the current documentation to make it easier for other managers to understand, however, it is clear from your discussion he is confusing several key terms.
You ask him to match each of the descriptions with the appropriate risk term. What should the correct answers be?

You are the lead auditor of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks.
What is this risk strategy called?
Does the security have the right to ask you to display your ID badges and check your bags?
How is the purpose of information security policy best described?
Enter your email address to download PECB.ISO-IEC-27001-Lead-Auditor.v2024-08-31.q185 Dumps