Ignoring the risk assessment results

Providing evidence of compliance with ISO 27001

Designing marketing campaigns

Increasing office supplies

Outlining employee benefits

Identifying and implementing measures to address identified risks

Managing office supplies

Ignoring risks for business growth

The SoA has no connection to risk assessment

The SoA lists controls to address identified risks

The SoA is used only during the implementation phase

The SoA focuses on employee training

Ignoring risks for business growth

Identifying and assessing all risks personally

Taking responsibility for managing a specific risk

Conducting random employee evaluations

Ignoring risks for business growth

Calculating financial risks only

Evaluating the potential harm and likelihood of a security incident

Designing software systems