Secure Software Lifecycle Professional – CSSLP – Question314
ISO 27003 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following elements does this standard contain? Each correct answer represents a complete solution. Choose all that apply. A. Inter-Organization Co-operation B. Information Security Risk Treatment C. CSFs (Critical success factors) D. ystem requirements for certification bodies Managements E. Terms and Definitions F. Guidance on process approach
Correct Answer: ACEF
Explanation:
Explanation: ISO 27003 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is entitled as “Information Technology – Security techniques Information security management system implementation guidance”. The ISO 27003 standard provides guidelines for implementing an ISMS (Information Security Management System). It mainly focuses upon the PDCA method along with establishing, implementing, reviewing, and improving the ISMS itself. The ISO 27003 standard contains the following elements: Introduction Scope Terms and Definitions CSFs (Critical success factors) Guidance on process approach Guidance on using PDCA Guidance on Plan Processes Guidance on Do Processes Guidance on Check Processes Guidance on Act Processes Inter-Organization Co-operation Answer: B is incorrect. This element is included in the ISO 27005 standard. Answer: D is incorrect. This element is included in the ISO 27006 standard.
Please disable your adblocker or whitelist this site!