CSSLP Exam: International Information Security Standards

International Information Security Standards

Question

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls.

Which of the following are the international information security standards? Each correct answer represents a complete solution.

Choose all that apply.

Answers

A. AU audit and accountability
B. Human resources security
C. Organization of information security
D. Risk assessment and treatment

Explanations

Following are the various international information security standards:

  1. Risk assessment and treatment: Analysis of the organization's information security risks
  2. Security policy: Management direction
  3. Organization of information security: Governance of information security
  4. Asset management: Inventory and classification of information assets
  5. Human resources security: Security aspects for employees joining, moving, and leaving an organization
  6. Physical and environmental security: Protection of the computer facilities
  7. Communications and operations management: Management of technical security controls in systems and networks
  8. Access control: Restriction of access rights to networks, systems, applications, functions, and data
  9. Information systems acquisition, development and maintenance: Building security into applications
  10. Information security incident management: Anticipating and responding appropriately to information security breaches
  11. Business continuity management: Protecting, maintaining, and recovering business-critical processes and systems
  12. Compliance: Ensuring conformance with information security policies, standards, laws, and regulations

Answer: A is incorrect. AU audit and accountability is a U.S. Federal Government information security standard.

There are several international information security standards, including:

  1. ISO/IEC 27001: This standard provides a framework for an Information Security Management System (ISMS), which is a systematic approach to managing sensitive company information so that it remains secure. The standard covers the following areas: organizational context, leadership, planning, support, operation, performance evaluation, and improvement.

  2. ISO/IEC 27002: This standard is a code of practice for information security management. It provides a set of guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.

  3. ISO/IEC 27005: This standard provides guidelines for information security risk management. It outlines the process for identifying, assessing, and treating risks to information security.

  4. NIST Cybersecurity Framework: This framework provides a set of guidelines for organizations to manage and reduce cybersecurity risks. It consists of five functions: Identify, Protect, Detect, Respond, and Recover.

Now, let's look at the given options:

A. AU audit and accountability: AU stands for Audit and Accountability, which is a control area within the NIST Cybersecurity Framework. It focuses on the auditing and monitoring of systems, networks, and applications to ensure that they are secure and that users are held accountable for their actions. However, it is not an international information security standard on its own.

B. Human resources security: This control area falls under ISO/IEC 27001 and covers the security of personnel. It includes areas such as background checks, security training, and disciplinary actions. However, it is not an international information security standard on its own.

C. Organization of information security: This control area also falls under ISO/IEC 27001 and covers the management of information security within an organization. It includes areas such as information security policies, roles and responsibilities, and communication. Therefore, it is an international information security standard.

D. Risk assessment and treatment: This control area falls under both ISO/IEC 27001 and ISO/IEC 27005. It covers the process of identifying, analyzing, evaluating, and treating risks to information security. Therefore, it is an international information security standard.

Therefore, the correct answers are C and D, i.e., "Organization of information security" and "Risk assessment and treatment".