Which three statements regarding ISO 27002 and COBIT are correct?

Which three statements regarding ISO 27002 and COBIT are correct? (Choose three.)

A. COBIT and ISO 27002 both define a best practices framework for IT controls.

B. COBIT focuses on information system processes, whereas ISO 27002 focuses on the security of the information systems.

C. ISO 27002 addresses control objectives, whereas COBIT addresses information security management process requirements.

D. Compared to COBIT, ISO 27002 covers a broader area in planning, operations, delivery, support, maintenance, and IT governance.

E. Unlike COBIT, ISO 27002 is used mainly by the IT audit community to demonstrate risk mitigation and avoidance mechanisms.


