ISC Exam Questions

Which of the following are the international information security standards?

Numerous information security standards promote good security practices and define frameworks
or systems to structure the analysis and design for managing information security controls. Which
of the following are the international information security standards? Each correct answer
represents a complete solution. Choose all that apply.

A. AU audit and accountability

B. Human resources security

C. Organization of information security

D. Risk assessment and treatment

Explanation:
The following are the various international information security standards:

Risk assessment and treatment: Analysis of the organization's information security risks

Security policy: Management direction

Organization of information security: Governance of information security

Asset management: Inventory and classification of information assets

Human resources security: Security aspects for employees joining, moving, and leaving an organization

Physical and environmental security: Protection of the computer facilities

Communications and operations management: Management of technical security controls in systems and networks

Access control: Restriction of access rights to networks, systems, applications, functions, and data

Information systems acquisition, development and maintenance: Building security into applications

Information security incident management: Anticipating and responding appropriately to information security breaches

Business continuity management: Protecting, maintaining, and recovering business-critical processes and systems

Compliance: Ensuring conformance with information security
U.S. Federal Government information security standard.