2. 计算机
  3. The following scenario will be used for questions 26, 27, and 28. Trent is the new manager of his company’s internal software de

The following scenario will be used for questions 26, 27, and 28. Trent is the new manager of his company’s internal software de

admin2013-12-19  60
问题 The following scenario will be used for questions 26, 27, and 28.
Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Web Application Security Consortium, and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero day vulnerability.
Which of the following is most likely the standard Trent’s company wants to comply with?
选项 A、ISO/IEC 27005
B、ISO/IEC 27001
C、ISO/IEC 27034
D、BS 7799
答案C
解析 C正确。ISO/IEC 27034是一个国际标准,它为组织将安全性整合到用于管理应用程序的流程提供了指南。它适用于内部开发的应用程序、从第三方获得的应用程序以及应用程序的开发和运算是外包的情况。
A不正确。因为ISO/IEC 27005:2001为信息安全风险管理提供了指导方针。ISO/IEC 27005:2001支持ISO/IEC 27001,并且它的设计是为了帮助基于风险管理方法的信息安全的正确实现。
B不正确。因为ISO/IEC 27001:2005详细说明了在组织的整体业务风险的情况中,建立、实现、运行、监控、审查、维护和提高文档化的信息安全管理系统的需求。它还详细说明了依单个组织或单个组织的部分部门而定制的安全控制实现的需求。
D不正确。因为BS 7799是由英国政府的贸易与工业部所撰写的,它概述了信息安全管理体系(Information Security Management,ISMS,又叫安全项目)应该如何构建和维护。它的目的是为组织提供如何设计、实现和维护政策、过程和技术,以管理其敏感信息资产的风险提供指导方针。
转载请注明原文地址:https://kaotiyun.com/show/lNhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)