To comply with a certain information security risk management standard, George did an exercise to...

To comply with a certain information security risk management standard, George did an exercise to identify all the risks that his organization faced. He ascertained that his organization was vulnerable to the following risks: phishing emails to the employees of his organization, earthquakes (common for the city in which his office was located), destruction of the organization’s critical data due to the crashing of the primary server, and electrical surges, which in the long term could cause harm to the primary server.The standard demanded that he prioritize these risks before chalking out a plan to deal with them and identify the risk with the highest priority. According to George, electrical surges were the highest priority risk. Which standard is George trying to comply with?