Which of the following ISO standards is entitled “Information technology – Security techniques – Information security management – Measurement”?
A. ISO 27003
B. ISO 27005
C. ISO 27004
D. ISO 27006
Explanation:
ISO 27004 is an information security standard developed by the International
Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It
is entitled “Information technology – Security techniques – Information security management – Measurement”.
The ISO 27004 standard provides guidelines on the specification and use of
measurement techniques for assessing the effectiveness of an implemented information
security management system (ISMS) and its controls. It also helps an organization in establishing the
effectiveness of ISMS implementation, embracing benchmarking, and performance targeting
“Information Technology – Security techniques – Information security management system
is incorrect. ISO 27006 is entitled “Information technology – Security techniques – Requirements
for bodies providing audit and certification of information security management systems”.