Secure Software Lifecycle Professional – CSSLP – Question227

Which of the following ISO standards is entitled as "Information technology – Security techniques – Information security management – Measurement"?

A. ISO 27003
B. ISO 27005
C. ISO 27004
D. ISO 27006

Correct Answer: C

Explanation:

ISO 27004 is an information security standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is entitled “Information technology – Security techniques – Information security management – Measurement”. The ISO 27004 standard provides guidelines on the specification and use of measurement techniques for assessing the effectiveness of an implemented information security management system (ISMS) and its controls. It also helps an organization establish the effectiveness of its ISMS implementation, including benchmarking and performance targeting within the PDCA (plan-do-check-act) cycle.

Answer A is incorrect. ISO 27003 is entitled “Information technology – Security techniques – Information security management system implementation guidance”.

Answer B is incorrect. ISO 27005 is entitled “ISO/IEC 27005:2008 Information technology — Security techniques — Information security risk management”.

Answer D is incorrect. ISO 27006 is entitled “Information technology – Security techniques – Requirements for bodies providing audit and certification of information security management systems”.