ISC2 Exam CSSLP Topic 7 Question 16 Discussion

Actual exam question for ISC2's Certified Secure Software Lifecycle Professional exam
Question #: 16
Topic #: 7

ISO 27003 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following elements does this standard contain? Each correct answer represents a complete solution. Choose all that apply.

Suggested Answer: A, C, E, F

ISO 27003 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is entitled 'Information Technology - Security techniques - Information security management system implementation guidance'. The ISO 27003 standard provides guidelines for implementing an ISMS (Information Security Management System). It focuses mainly on the PDCA method, along with establishing, implementing, reviewing, and improving the ISMS itself.

The ISO 27003 standard contains the following elements:

- Introduction
- Scope
- Terms and Definitions
- CSFs (Critical success factors)
- Guidance on process approach
- Guidance on using PDCA
- Guidance on Plan Processes
- Guidance on Do Processes
- Guidance on Check Processes
- Guidance on Act Processes
- Inter-Organization Co-operation

Answer B is incorrect. This element is included in the ISO 27005 standard.

Answer D is incorrect. This element is included in the ISO 27006 standard.

