Which government regulation is designed to create a common information security structure

Which government regulation is designed to create a common information security structure that is based on recognized best practices, and is an internationally recognized generic standard?


A.
Basel II

B.
AS/NZS 4360

C.
BS 7799/ISO 17799

D.
SOX

Explanation:

SOX (Sarbanes-Oxley) is not an “internationally recognized generic standard”, nor is it based on “recognized best practices”; rather, it is a US law that primarily addresses confidence in the stability of public corporations, and is largely despised by the international community. ISO 17799, which began life as a British government standard (BS 7799), is specifically intended as a best-practices-based security structure and, given its adoption by ISO/IEC, qualifies as a truly international standard.

Cisco 646-563: Practice Exam

From the ISO website . . .
http://www.iso.org/iso/support/faqs/faqs_widely_used_standards/widely_used_standards_other/information_security.htm

ISO/IEC 17799:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best practices of control objectives and controls in the following areas of information security management:

security policy;
organization of information security;
asset management;
human resources security;
physical and environmental security;
communications and operations management;
access control;
information systems acquisition, development and maintenance;
information security incident management;
business continuity management;
compliance.


