nerdexam
EC-Council

312-50V10 · Question #397

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

The correct answer is A. guidelines and practices for security controls.. ISO 27002 is an internationally recognized standard that provides a reference set of information security controls and implementation guidance for organizations building or improving their security programs.

Information Security and Ethical Hacking Fundamentals

Question

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

Options

  • Aguidelines and practices for security controls.
  • Bfinancial soundness and business viability metrics.
  • Cstandard best practice for configuration management.
  • Dcontract agreement writing standards.

How the community answered

(64 responses)
  • A
    88% (56)
  • B
    2% (1)
  • C
    3% (2)
  • D
    8% (5)

Why each option

ISO 27002 is an internationally recognized standard that provides a reference set of information security controls and implementation guidance for organizations building or improving their security programs.

Aguidelines and practices for security controls.Correct

ISO 27002 serves as a companion to ISO 27001 and details specific security controls organized into domains such as access control, cryptography, physical security, and incident management. It provides practical guidelines and best practices that organizations can select and implement based on their risk assessment results. The standard is designed to support compliance with ISO 27001 by explaining how individual controls should be applied.

Bfinancial soundness and business viability metrics.

ISO 27002 does not address financial soundness or business viability metrics; those concerns belong to frameworks like COBIT or standards like SOX.

Cstandard best practice for configuration management.

Configuration management best practices are addressed by standards such as ITIL or NIST SP 800-128, not ISO 27002.

Dcontract agreement writing standards.

Contract writing standards fall outside the scope of ISO 27002, which is focused exclusively on information security control guidance.

Concept tested: ISO 27002 scope - information security control guidelines

Source: https://www.iso.org/standard/75652.html

Topics

#ISO 27002#security controls#compliance guidelines#security standards

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice