nerdexam
(ISC)2

CISSP-ISSMP · Question #77

Which of the following sections come under the ISO/IEC 27002 standard?

The correct answer is B. Asset management C. Security policy D. Risk assessment. ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC) as ISO/IEC This standard contains the following twelve main sections: 1.Risk assessment: It refers to

Security Program Development

Question

Which of the following sections come under the ISO/IEC 27002 standard?

Options

  • AFinancial assessment
  • BAsset management
  • CSecurity policy
  • DRisk assessment

How the community answered

(55 responses)
  • A
    11% (6)
  • B
    89% (49)

Explanation

ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC) as ISO/IEC This standard contains the following twelve main sections: 1.Risk assessment: It refers to assessment of risk. 2.Security policy: It deals with the security management. 3.Organization of information security: It deals with governance of information security. 4.Asset management: It refers to inventory and classification of information assets. 5.Human resources security: It deals with security aspects for employees joining, moving and leaving an organization. 6.Physical and environmental security: It is related to protection of the computer facilities. 7.Communications and operations management: It is the management of technical security controls in systems and networks. 8.Access control: It deals with the restriction of access rights to networks, systems, applications, functions and data. 9.Information systems acquisition, development and maintenance: It refers to build security into 10.Information security incident management: It refers to anticipate and respond appropriately to information security breaches. 11.Business continuity management: It deals with protecting, maintaining and recovering business- critical processes and systems. 12.Compliance: It is used for ensuring conformance with information security policies, standards, laws and regulations. Answer option A is incorrect. Financial assessment does not come under the ISO/IEC 27002

Topics

#ISO 27002#Information Security Controls#Information Security Management System (ISMS)#Risk Management

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSMP Practice