Fdaytalk Homework Help: Questions and Answers: An organization wants to demonstrate its commitment to protecting sensitive customer information and comply with legal and regulatory requirements. Which standard provides a framework for establishing, implementing, maintaining, and continually improving an ISMS?
a) COBIT
b) ISO 27001
c) NIST Cybersecurity Framework
d) CIS Controls
Answer:
First, let’s understand what ISMS is:
ISMS stands for Information Security Management System. It’s a systematic approach to managing sensitive company information so that it remains secure.
To solve this question, we need to identify which standard provides a framework specifically for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). Let’s analyze each option:
Given Options: Step by step analysis
a) COBIT (Control Objectives for Information and Related Technologies)
- COBIT is a framework created by ISACA for IT management and IT governance. It focuses on aligning IT goals with business goals, providing a comprehensive framework for managing and governing enterprise IT environments.
- While COBIT is useful for IT governance, but it is not specifically designed for establishing and maintaining an ISMS.
b) ISO 27001 (International Organization for Standardization 27001)
- ISO 27001 is a globally recognized standard specifically for information security management systems (ISMS). It provides a systematic approach to managing sensitive company information so that it remains secure.
- It includes requirements for establishing, implementing, maintaining, and continually improving an ISMS. This directly matches the description in the question.
c) NIST Cybersecurity Framework
- The NIST Cybersecurity Framework is a voluntary framework developed by the National Institute of Standards and Technology for improving cybersecurity risk management.
- While it provides guidelines and best practices for managing cybersecurity risk, but it is not specifically focused on an ISMS.
d) CIS Controls (Center for Internet Security Controls)
- CIS Controls are a set of best practices for securing IT systems and data against cyber threats. These controls are highly specific and practical, but they do not provide a comprehensive framework for an ISMS.
Final answer
Based on the analysis, the correct answer is:
b) ISO 27001
ISO 27001 is the only standard listed that is specifically designed as a comprehensive framework for an ISMS, covering all the mentioned aspects.
Learn More: Fdaytalk Homework Help
Q. How is the rise of generative Al most like the invention of photography?
