PrepAway - Latest Free Exam Questions & Answers

Which of the following elements does this standard contain?

ISO 27003 is an information security standard published by the International Organization for
Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the
following elements does this standard contain? Each correct answer represents a complete
solution. Choose all that apply.


A. Inter-Organization Co-operation

B. Information Security Risk Treatment

C. CSFs (Critical success factors)

D. System requirements for certification bodies Managements

E. Terms and Definitions

F. Guidance on process approach

Explanation:
ISO 27003 is an information security standard published by the International
Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It
is titled “Information Technology – Security techniques – Information security management
system implementation guidance”. The ISO 27003 standard provides guidelines for implementing
an ISMS (Information Security Management System). It focuses mainly on the PDCA method,
along with establishing, implementing, reviewing, and improving the ISMS itself. The ISO 27003
standard contains the following elements: Introduction; Scope; Terms and Definitions; CSFs (Critical
success factors); Guidance on process approach; Guidance on using PDCA; Guidance on Plan
Processes; Guidance on Do Processes; Guidance on Check Processes; Guidance on Act

