The following scenario will be used for questions 26, 27, and 28. Trent is the new manager of his company’s internal software de

admin2013-12-19 70

问题 The following scenario will be used for questions 26, 27, and 28.
Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Web Application Security Consortium, and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero day vulnerability.
Which of the following is most likely the standard Trent’s company wants to comply with?

选项 A、ISO/IEC 27005
B、ISO/IEC 27001
C、ISO/IEC 27034
D、BS 7799

答案C

解析 C正确。ISO／IEC 27034是一个国际标准，它为组织将安全性整合到用于管理应用程序的流程提供了指南。它适用于内部开发的应用程序、从第三方获得的应用程序以及应用程序的开发和运算是外包的情况。
A不正确。因为ISO／IEC 27005：2001为信息安全风险管理提供了指导方针。ISO／IEC 27005：2001支持ISO／IEC 27001，并且它的设计是为了帮助基于风险管理方法的信息安全的正确实现。
B不正确。因为ISO／IEC 27001：2005详细说明了在组织的整体业务风险的情况中，建立、实现、运行、监控、审查、维护和提高文档化的信息安全管理系统的需求。它还详细说明了依单个组织或单个组织的部分部门而定制的安全控制实现的需求。
D不正确。因为BS 7799是由英国政府的贸易与工业部所撰写的，它概述了信息安全管理体系(Information Security Management，ISMS，又叫安全项目)应该如何构建和维护。它的目的是为组织提供如何设计、实现和维护政策、过程和技术，以管理其敏感信息资产的风险提供指导方针。

转载请注明原文地址:https://kaotiyun.com/show/lNhZ777K

CISSP认证

相关试题推荐

随机试题

最新回复(0)

The following scenario will be used for questions 26, 27, and 28. Trent is the new manager of his company’s internal software de

CISSP认证

TheTreasurycouldpocket20millionayearinextrafinesoncethecountry’sspeedcameranetworkisexpanded.Motoringorgani

Individualsandbusinesseshavelegalprotectionforintellectualpropertytheycreateandown.Intellectualproper【C1】______fro

[A]Meetingdifferentneeds[B]Smallerisbetter[C]Betterproductmakesgreaterquantity[D]Qualityvsquantity[E]Chillyc

[A]Whattodoasastudent?[B]Variousdefinitionsofplagiarism[C]Ideasshouldalwaysbesourced[D]Ignorancecanbeforgi

VirtualDriverDrivinginvolvessharpeyesandkeenears,analyzingwithabrain,andcoordinationbetweenhands,feetandb

Fewthingssay"forgetI’mhere"quitesoeloquentlyastheposeoftheshy—theavertedgaze,thehunchedshoulders,thebodypi

Writeanessayof160-200wordsbasedonthefollowingdrawings.Inyouressay,youshould1)describethedrawingsbriefly,

Writeanessayof160-200wordsbasedonthefollowingpictures.Inyouressay,youshould1)describethepicturesbriefly,

Sevenyearsago,agroupoffemalescientistsattheMassachusettsInstituteofTechnologyproducedapieceofresearchshowing

Gradeinflation—thegradualincreaseinaverageGPAs(grade-pointaverages)overthepastfewdecades—isoftenconsideredaprod

电子束焊枪，为减小金属蒸汽和离子对电子枪工作稳定性的影响，可以设置()个聚焦线圈，并在电子束通道上设置小直径光阑。

李某被县公安局以涉嫌盗窃为由刑事拘留，后被释放。李某向县公安局申请国家赔偿，遭到拒绝，经复议后，向市中级法院赔偿委员会申请作出赔偿决定。下列哪一说法是正确的?

可调价格合同中对一周内因非承包人原因停水、停电、停气造成停工累计超过（）小时可调整合同价款。

根据《民法通则》规定，()周岁以下的未成年人是无民事行为能力人。

工商行政管理的主体是()。

生产、销售有毒、有害食品罪是指在生产、销售的食品中掺人有毒、有害的非食品原料的，或者销售明知掺有有毒、有害的非食品原料的食品的行为。根据上述定义，下列构成生产、销售有毒、有害食品罪的是()。

当x≠0时，函数f(x)满足f(x3)+2f()=3x，则f’(1)=_________.

甲男与乙女通过网聊恋爱，后乙提出分手遭甲威胁，乙无奈遂与甲办理了结婚登记。婚后乙得知，甲婚前就患有医学上不应当结婚的疾病且久治不愈，乙向法院起诉离婚。下列说法正确的是

人民币(RenminbiorRMB)是中国大陆地区的法定货币。中国人民银行(thePeople’sBankofChina)是国家管理人民币的主要机构，负责人民币的设计、印制和发行。从1948年开始，人民币一共发行了五套。目前市场上流通的主要是第

Theincreaseinglobaltrademeansthatinternationalcompaniescannotaffordtomakecostlyadvertisingmistakesiftheywantt