Suggested Answer:
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC) as ISO/IEC 17799:2005. This standard contains the following twelve main sections:
1. Risk assessment: It refers to the assessment of risk.
2. Security policy: It deals with security management.
3. Organization of information security: It deals with the governance of information security.
4. Asset management: It refers to the inventory and classification of information assets.
5. Human resources security: It deals with security aspects for employees joining, moving within and leaving an organization.
6. Physical and environmental security: It is related to the protection of the computer facilities.
7. Communications and operations management: It is the management of technical security controls in systems and networks.
8. Access control: It deals with the restriction of access rights to networks, systems, applications, functions and data.
9. Information systems acquisition, development and maintenance: It refers to building security into applications.
10. Information security incident management: It refers to anticipating and responding appropriately to information security breaches.
11. Business continuity management: It deals with protecting, maintaining and recovering business-critical processes and systems.
12. Compliance: It is used for ensuring conformance with information security policies, standards, laws and regulations.
Answer: C is incorrect. Financial assessment does not come under the ISO/IEC 27002 standard.
The sections that come under the ISO/IEC 27002 standard ("Information security, cybersecurity and privacy protection. Information security controls") are:
A. Security policy
B. Asset management
D. Risk assessment
Financial assessment is not specifically addressed in ISO/IEC 27002, although it may be indirectly covered in certain controls related to budgeting and cost analysis for implementing security measures.
ISO/IEC 27002 is a code of practice for information security management. It provides guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The standard covers various aspects of information security, including the establishment of policies and procedures to protect organizational assets such as intellectual property, financial information, employee data, customer data, etc.; managing access control systems; providing staff training programs on cyber-security awareness topics like phishing scams or malware attacks; and carrying out regular risk assessments to identify potential risks associated with the technological infrastructure and processes in place, followed by taking corrective measures.
Implementing ISO/IEC 27002 can help organizations safeguard their sensitive information from unauthorized alteration or disclosure, thereby protecting their reputation and enhancing their competitive advantage. Additionally, adhering to this standard may also aid legal compliance with regulations that mandate specific safeguards around handling customer data confidentiality, e.g. GDPR (General Data Protection Regulation), applicable within European Union countries, which dictates strict controls over the collection, processing, storage, transfer and destruction of personally identifiable information (PII).
Community vote distribution: A (35%), C (25%), B (20%), Other
74gjd_37
5 months, 2 weeks ago