Correct Answer:
B
Step 1: Definition of ISO 27000
ISO 27000 is a global standard for information security management systems (ISMS), issued by the International Organization for Standardization (ISO).
It provides a framework for protecting sensitive information through policies, controls, and risk management practices.
Step 2: Why Option B Is Correct
ISO 27001 (part of the ISO 27000 series) is one of the most widely recognized certifications for information security governance.
It sets guidelines on risk assessment, incident response, and data protection.
Step 3: Why the Other Options Are Incorrect
Option A ("ESG investing")
Incorrect because ISO 27000 deals with cybersecurity, not environmental, social, and governance (ESG) issues.
Option C ("International Risk Management")
Incorrect because ISO 27000 focuses on information security, not general risk management.
Option D ("Auditing of financial controls")
Incorrect because financial auditing standards (e.g., SOX, COSO) are separate from information security standards.
PRMIA Risk Reference Used:
ISO 27000 Series Documentation – Defines cybersecurity risk management practices.
PRMIA IT Risk Governance Framework – References ISO 27001 as a cybersecurity standard.