Exam 712-50 topic 1 question 93 discussion

The Correct Answer is B. Perform the risk Assessment ( NIST Special Publication 800-30 which describes the process of assessing information security risk in support goal defined in SP 800-37 and SP 800-39 and include 4 Step: 1- Prepare for Assessment, 2- Conduct Assesment, 3- Communicate results and 4- Maintain Assesment )

B. Perform a risk assessment

According to NIST 800-30: (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf) Risk management processes include: (i) framing risk; (ii) assessing risk; (iii) responding to risk; and (iv) monitoring risk. B=assesing risk

Answer is B. The National Institute of Standards and Technology (NIST) SP 800-30 standard provides guidance on creating a risk management methodology. The second step in this process is to perform a risk assessment, which involves identifying and analyzing potential risks to the organization's assets, operations, and individuals. This step helps to determine the likelihood and potential impact of these risks and enables organizations to prioritize their risk management efforts.

Hypothetically, If question would has been "What is the SECOND step to creating a risk management methodology according to ISO-27005 ?" The answer is B - Risk Assessment

I agree with you. Mitigation should be part of maintaining risk assessment which is the 4th step.