CAP: Security Assessment and Authorization Certification - International Information Security Standards

International Information Security Standards

Question

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls.

Which of the following are the international information security standards? Each correct answer represents a complete solution.

Choose all that apply.

Answers

A. Human resources security
B. Organization of information security
C. Risk assessment and treatment
D. AU audit and accountability

Correct answer: A, B, C

Explanations

The international standards most often meant here are ISO/IEC 27001, which specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS), and its companion code of practice ISO/IEC 27002, whose control domains are mirrored in Annex A of ISO/IEC 27001. Three of the four options are domains (clauses) of those standards; the fourth comes from a different, national framework.

Let's take a look at each of the options provided in the question:

A. Human resources security: This is a control domain of ISO/IEC 27001 Annex A and ISO/IEC 27002. It covers the security responsibilities of employees, contractors, and third-party users before, during, and at the end of employment (screening, terms of employment, awareness and training, and removal of access on termination). Correct.

B. Organization of information security: This is also a control domain of ISO/IEC 27001 Annex A and ISO/IEC 27002. It covers the internal organization (management commitment, allocation of roles and responsibilities, contact with authorities and special interest groups) and the handling of external parties. Correct.

C. Risk assessment and treatment: This is a clause of ISO/IEC 27002, and ISO/IEC 27001 requires risk assessment and risk treatment as the core of the ISMS. It provides the approach for identifying, assessing, and treating information security risks within an organization. Correct.

D. AU audit and accountability: The "AU" identifier is a control family from NIST SP 800-53, the U.S. federal control catalog used with the Risk Management Framework. It covers audit record generation, review, protection, and retention, but it is not a domain of the international ISO/IEC 27001/27002 standards. Incorrect.

In summary, the correct answers to this question are A. Human resources security, B. Organization of information security, and C. Risk assessment and treatment, as all three are domains of the international ISO/IEC 27001/27002 standards, whereas D is a NIST SP 800-53 control family.