Which of the following ISO standards provides guidelines for accreditation of an organization that
is concerned with certification and registration related to ISMS?
A. ISO 27006
B. ISO 27005
C. ISO 27003
D. ISO 27004
Explanation:
ISO 27006 is an information security standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is entitled "Information technology – Security techniques – Requirements for bodies providing audit and certification of information security management systems". The ISO 27006 standard provides guidelines for accreditation of an organization which is concerned with certification and registration related to ISMS. The ISO 27006 standard contains the following elements:
Scope
Normative references
Terms and definitions
Principles
General requirements
Structural requirements
Resource requirements
Information requirements
Process requirements
Management system requirements for certification bodies
Information security risk communication
Information security risk monitoring and review
Annex A. Defining the scope of process
Annex B. Asset valuation and impact assessment
Annex C. Examples of typical threats
Annex D. Vulnerabilities and vulnerability assessment methods
Annex E. Information security risk
incorrect. The ISO 27004 standard provides guidelines on specifications and use of measurement techniques for the assessment of the effectiveness of an implemented information security
guidelines for information security risk management.