Which of the following ISO standards provides guidelines for accreditation of an organization that is concerned with certification and registration related to ISMS?
Click on the arrows to vote for the correct answer
A. B. C. D.assessment (ISRA) approaches Answer: C is incorrect.
The ISO 27003 standard provides guidelines for implementing an ISMS (Information Security.
ISO 27006 is an information security standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)
It is entitled as "Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems"
The ISO 27006 standard provides guidelines for accreditation of an organization which is concerned with certification and registration related to ISMS.
The ISO 27006 standard contains the following elements: Scope Normative references Terms and definitions Principles General requirements Structural requirements Resource requirements Information requirements Process requirements Management system requirements for certification bodies Information security risk communication Information security risk monitoring and review Annex A.
Defining the scope of process Annex.
B.
Asset valuation and impact assessment Annex.
C.
Examples of typical threats Annex.
D.
Vulnerabilities and vulnerability assessment methods Annex.
E.
Information security risk provides guidelines for information security risk management.
The ISO (International Organization for Standardization) has developed a series of standards that provide guidelines and best practices for Information Security Management Systems (ISMS). The ISO 27000 family of standards provides a framework for managing and protecting sensitive information using a risk-based approach.
ISO 27006 is the standard that provides guidelines for the accreditation of organizations that provide certification and registration services for ISMS. This standard specifies the requirements and competence criteria that an organization must meet in order to conduct ISMS certification and registration audits.
ISO 27005 is a standard that provides guidelines for information security risk management. It provides a systematic approach for identifying, assessing, and treating information security risks.
ISO 27003 provides guidelines for implementing and maintaining an ISMS. It covers the planning, design, implementation, monitoring, and review of the ISMS.
ISO 27004 provides guidelines for the measurement of the effectiveness of an ISMS. It specifies the metrics and measurement techniques that can be used to assess the performance of the ISMS and to identify areas for improvement.
Therefore, the correct answer to the question is A. ISO 27006, as it specifically relates to accreditation of organizations providing certification and registration services for ISMS.