
admin 2013-12-19 39

Question: ISO/IEC 27000 is part of a growing family of ISO/IEC information security management systems (ISMS) standards. It comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following provides an incorrect mapping of the individual standards that make up this family of standards?

Options: A. ISO/IEC 27002 Code of practice for information security management
B. ISO/IEC 27003 Guideline for ISMS implementation
C. ISO/IEC 27004 Guideline for information security management measurement and metrics framework
D. ISO/IEC 27005 Guideline for bodies providing audit and certification of information security management systems

Answer: B

Explanation: D is correct. ISO/IEC 27005 is the guideline for information security risk management. ISO/IEC 27005 is an international standard that describes how risk management is carried out within the framework of an information security management system (ISMS).
A is incorrect. ISO/IEC 27002 is the code of practice for information security management, so its mapping is correct. ISO/IEC 27002 provides best-practice recommendations and guidance related to the initiation, implementation or maintenance of an information security management system (ISMS).
B is incorrect. ISO/IEC 27003 is the guideline for ISMS implementation, so its mapping is correct. ISO/IEC 27003 focuses on the key aspects needed to successfully design and implement an information security management system (ISMS) in accordance with ISO/IEC 27001:2005. ISO/IEC 27003 describes the process of ISMS specification and design from conception to the production of an implementation plan.
C is incorrect. ISO/IEC 27004 is the guideline for the information security management measurement and metrics framework, so its mapping is correct. As described in ISO/IEC 27001, ISO/IEC 27004 provides guidance on developing and using measures and measurement methods to assess the effectiveness of an implemented information security management system (ISMS) and of its controls (or groups of controls).
Please credit the original source when reposting: https://kaotiyun.com/show/HNhZ777K