(ISC)2

CSSLP Question #131: Real Exam Question with Answer & Explanation

The correct answer is B: Human resources security. International information security standards, such as ISO/IEC 27002, include clauses covering Human resources security, Organization of information security, and Risk assessment and treatment. These areas specify best practices for managing information security controls.

Secure Software Concepts

Question

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the international information security standards? Each correct answer represents a complete solution. Choose all that apply.

Options

  • A. AU audit and accountability
  • B. Human resources security
  • C. Organization of information security
  • D. Risk assessment and treatment

Explanation

International information security standards, such as ISO/IEC 27002, include clauses covering Human resources security, Organization of information security, and Risk assessment and treatment. These areas specify best practices for managing information security controls.

Common mistakes.

  • A. "AU audit and accountability" sounds like a NIST SP 800-53 control family. NIST SP 800-53 is a US federal standard, not an international information security standard, so it does not belong alongside the ISO/IEC 27002 clauses.

Concept tested. International information security standards (ISO/IEC 27002)

Reference. https://www.iso.org/standard/72138.html

Topics

#Information Security Standards · #ISO 27000 series · #Security Controls · #Risk Management
