ISC2 Exam CSSLP Topic 7 Question 16 Discussion

Actual exam question for ISC2's CSSLP exam

Question #: 16
Topic #: 7

ISO 27003 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following elements does this standard contain? Each correct answer represents a complete solution. Choose all that apply.

AInter-Organization Co-operation

BInformation Security Risk Treatment

CCSFs (Critical success factors)

Dystem requirements for certification bodies
Management s

ETerms and Definitions

FGuidance on process approach

Show Suggested Answer

Suggested Answer: A, C, E, F

ISO 27003 is an information security standard published by the International Organization for Standardization (ISO) and the International

Electrotechnical Commission (IEC). It is entitled as 'Information Technology - Security techniques - Information security management system

implementation guidance'. The ISO 27003 standard provides guidelines for implementing an ISMS (Information Security Management System).

It mainly focuses upon the PDCA method along with establishing, implementing, reviewing, and improving the ISMS itself.

The ISO 27003 standard contains the following elements:

Introduction

Scope

Terms and Definitions

CSFs (Critical success factors)

Guidance on process approach

Guidance on using PDCA

Guidance on Plan Processes

Guidance on Do Processes

Guidance on Check Processes

Guidance on Act Processes

Inter-Organization Co-operation

Answer B is incorrect. This element is included in the ISO 27005 standard.

Answer D is incorrect. This element is included in the ISO 27006 standard.

by Lavera at May 06, 2022, 02:29 AM

Limited Time Offer

25%

Off

Get Premium CSSLP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!