ISO 27005 is a certification for data privacy compliance.

ISO 27005 is a guideline for physical security measures.

ISO 27005 is a standard for software development.

ISO 27005 is a standard for information security risk management.

Backup Communication Plan

Business Continuity Planning

Business Control Protocol

Business Compliance Policy

Phishing

Ransomware

Malware

DDoS

To increase the number of security breaches

To ensure compliance with all regulations

The purpose of risk management in information security is to protect information assets by identifying and mitigating risks.

To eliminate all potential risks

Conduct regular employee surveys about cybersecurity.

Ignore all security updates.

Implement a comprehensive cybersecurity strategy.

Rely solely on antivirus software.

A threat is a software bug; a vulnerability is a user error.

A threat is a potential danger; a vulnerability is a weakness that can be exploited.

A threat is a weakness; a vulnerability is a potential danger.

A threat is an actual attack; a vulnerability is a security measure.

Employee training is only necessary for new hires.

Employee training has no impact on BCP effectiveness.

Employee training is optional for BCP success.

Employee training is crucial for effective implementation of Business Continuity Plans (BCP).