ISO/IEC 27002 Standard: Sections and Best Practices for Information Systems Security

Information Systems Security Management Professional Exam Study Guide

Question

Which of the following sections come under the ISO/IEC 27002 standard?

A. Financial Assessment
B. Asset Management
C. Security Policy
D. Risk Assessment

Answer: B, C, D

ISO/IEC 27002 is a code of practice for information security management that provides guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.

Of the given options, the sections that come under the ISO/IEC 27002 standard are:

B. Asset Management: This section covers responsibility for assets (an inventory of information assets, assigned ownership, and rules for acceptable use) and information classification, so that each asset receives protection appropriate to its value and sensitivity.

C. Security Policy: This section covers the information security policy document that management must approve, publish and communicate to employees and relevant external parties, together with its periodic review to keep it suitable and effective.

D. Risk Assessment: This section (titled "Risk assessment and treatment" in the 2005 edition) covers identifying, analysing and evaluating risks to the organization's information assets, and then selecting how to treat each risk: apply controls to reduce it, knowingly accept it, avoid it, or transfer it to another party.

A. Financial Assessment: This is not a section of ISO/IEC 27002, as it pertains to financial management rather than information security management.

Therefore, the correct answer is B, C, and D.

Note that these section names follow ISO/IEC 27002:2005. The 2013 edition dropped the risk assessment clause (risk assessment requirements live in ISO/IEC 27001, with guidance in ISO/IEC 27005), and the 2022 edition regroups the controls into four themes: organizational, people, physical and technological. A question phrased this way is keyed to the older structure.