As a cybersecurity analyst at a financial services firm, you have been tasked with aligning the company's vulnerability management program with the requirements of a recognized framework to meet international information security standards. Which of the following documents would guide you to establish a systematic approach for managing sensitive company information to ensure it remains secure?
ISO/IEC 27001
ISO 31000
ISO/IEC 27002
Health Insurance Portability and Accountability Act (HIPAA)
ISO/IEC 27001 is the best-known standard in the family, providing the requirements for an information security management system (ISMS), which makes it the correct choice for establishing a systematic approach to managing sensitive information. ISO/IEC 27002 provides best-practice recommendations on information security controls for those responsible for initiating, implementing, or maintaining an ISMS. ISO 31000 is focused on risk management and, while important, does not specifically deal with information security management systems. HIPAA is the Health Insurance Portability and Accountability Act; it is specific to the healthcare industry in the United States and is not an international information security standard.