EC-Council
312-50V11 · Question #397
312-50V11 Question #397: Real Exam Question with Answer & Explanation
The correct answer is A. guidelines and practices for security controls. ISO 27002 is an international standard that provides a reference set of information security controls and implementation guidance for organizations to use when establishing or improving their security programs.
Information Security and Ethical Hacking Fundamentals
Question
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining
Options
- A. guidelines and practices for security controls.
- B. financial soundness and business viability metrics.
- C. standard best practice for configuration management.
- D. contract agreement writing standards.
Explanation
ISO 27002 is an international standard that provides a reference set of information security controls and implementation guidance for organizations to use when establishing or improving their security programs.
Common mistakes.
- B. ISO 27002 does not address financial soundness or business viability metrics - those concerns fall under financial auditing standards such as those from IFRS or GAAP.
- C. Configuration management best practices are covered by standards such as ITIL and NIST SP 800-128, not ISO 27002.
- D. Contract writing standards are governed by legal and procurement frameworks, not by an information security standard like ISO 27002.
Concept tested. ISO 27002 information security controls guidance
Reference. https://www.iso.org/standard/75652.html
Topics
#ISO 27002 #security controls #compliance #information security standards