CISSP-ISSMP · Question #77
Which of the following sections come under the ISO/IEC 27002 standard?
The correct answer is B. Asset management C. Security policy D. Risk assessment. ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC) as ISO/IEC This standard contains the following twelve main sections: 1.Risk assessment: It refers to
Question
Which of the following sections come under the ISO/IEC 27002 standard?
Options
- AFinancial assessment
- BAsset management
- CSecurity policy
- DRisk assessment
How the community answered
(55 responses)- A11% (6)
- B89% (49)
Explanation
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC) as ISO/IEC This standard contains the following twelve main sections: 1.Risk assessment: It refers to assessment of risk. 2.Security policy: It deals with the security management. 3.Organization of information security: It deals with governance of information security. 4.Asset management: It refers to inventory and classification of information assets. 5.Human resources security: It deals with security aspects for employees joining, moving and leaving an organization. 6.Physical and environmental security: It is related to protection of the computer facilities. 7.Communications and operations management: It is the management of technical security controls in systems and networks. 8.Access control: It deals with the restriction of access rights to networks, systems, applications, functions and data. 9.Information systems acquisition, development and maintenance: It refers to build security into 10.Information security incident management: It refers to anticipate and respond appropriately to information security breaches. 11.Business continuity management: It deals with protecting, maintaining and recovering business- critical processes and systems. 12.Compliance: It is used for ensuring conformance with information security policies, standards, laws and regulations. Answer option A is incorrect. Financial assessment does not come under the ISO/IEC 27002
Topics
Community Discussion
No community discussion yet for this question.