Which International Organization for Standardization st…

Which International Organization for Standardization standard is commonly referred to as the ‘common
criteria’?

Which International Organization for Standardization standard is commonly referred to as the ‘common
criteria’?

A.
15408

B.
27001

C.
14000

D.
22002

Explanation:
From the official guide: “The publication of the Common Criteria as the ISO/IEC 15408 standard provided the
first truly international product evaluation criteria. It has largely superseded all other criteria, although there
continue to be products in general use that were certified under TCSEC, ITSEC and other criteria. It takes a
very similar approach to ITSEC by providing a flexible set of functional and assurance requirements, and like
ITSEC, it is not very proscriptive as TCSEC had been. Instead, it is focused on standardizing the general
approach to product evaluation and providing mutual recognition of such evaluations all over the world.”
Incorrect Answers:
B: ISO 27001 ISO/IEC 27000 is part of a growing family of ISO/IEC Information Security Management Systems
(ISMS) standards, the ‘ISO/IEC 27000 series’. ISO/IEC 27000 is an international standard entitled: Information
technology — Security techniques — Information security management systems — Overview and vocabulary.
C: ISO 14000 is a family of standards related to environmental management that exists to help organizations
(a) minimize how their operations (processes etc.) negatively affect the environment (i.e. cause adverse
changes to air, water, or land); (b) comply with applicable laws, regulations, and other environmentally oriented
requirements, and (c) continually improve in the above. ISO 14000 is similar to ISO 9000 quality management
in that both pertain to the process of how a product is produced, rather than to the product itself. As with ISO
9000, certification is performed by third-party organizations rather than being awarded by ISO directly. The ISO
19011 audit standard applies when auditing for both 9000 and 14000 compliance at once. The requirements of
ISO 14000 are an integral part of the European Union‘s environmental management scheme EMAS.
EMAS‘s structure and material requirements are more demanding, foremost concerning performance
improvement, legal compliance and reporting duties.
D: ISO/TS 22002- Prerequisite programmes on food safety—Part 1: Food manufacturing
Tipton, Harold F. (2010-04-20). Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2
Press), Chapter 9, Security Architecture and Design
https://en.wikipedia.org/wiki/ISO_14000
https://en.wikipedia.org/wiki/ISO/IEC_27000
https://en.wikipedia.org/wiki/ISO_22000



Leave a Reply 0

Your email address will not be published. Required fields are marked *