Which of the following ISO standards provides guidelines for accreditation of an organization that is concerned with certification and registration related to ISMS?

Admin Staff asked 5 months ago
Which of the following ISO standards provides guidelines for accreditation of an organization that is concerned with certification and registration related to ISMS?

A. ISO 27006

B. ISO 27005

C. ISO 27003

D. ISO 27004








 

Suggested Answer: assessment (ISRA) approaches Answer: C is incorrect. The ISO 27003 standard provides guidelines for implementing an ISMS (Information Security

Community Answer: A

ISO 27006 is an information security standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is entitled "Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems". The ISO 27006 standard provides guidelines for accreditation of an organization which is concerned with certification and registration related to ISMS. The ISO 27006 standard contains the following elements:

Scope
Normative references
Terms and definitions
Principles
General requirements
Structural requirements
Resource requirements
Information requirements
Process requirements
Management system requirements for certification bodies
Information security risk communication
Information security risk monitoring and review
Annex A. Defining the scope of process
Annex B. Asset valuation and impact assessment
Annex C. Examples of typical threats
Annex D. Vulnerabilities and vulnerability assessment methods
Annex E. Information security risk provides guidelines for information security risk management.

This question belongs to the CSSLP (Certified Secure Software Lifecycle Professional) exam category.






Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISC. 
Trademarks, certification & product names are used for reference only and belong to ISC.
The website does not contain actual questions and answers from ISC's Certification Exams.