Which of the following sections come under the ISO/IEC 27002 standard?

A.
Financial assessment

B.
Asset management

C.
Security policy

D.
Risk assessment

Explanation:
ISO/IEC 27002 is an information security standard published by the International Organization for
Standardization (ISO) and by the International Electrotechnical Commission (IEC) as ISO/IEC
17799:2005.
This standard contains the following twelve main sections:
1.Risk assessment: It refers to assessment of risk.
2.Security policy: It deals with the security management.
3.Organization of information security: It deals with governance of information security.
4.Asset management: It refers to inventory and classification of information assets.
5.Human resources security: It deals with security aspects for employees joining, moving and leaving
an organization.
6.Physical and environmental security: It is related to protection of the computer facilities.
7.Communications and operations management: It is the management of technical security controls
in systems and networks.
8.Access control: It deals with the restriction of access rights to networks, systems, applications,
functions and data.
9.Information systems acquisition, development and maintenance: It refers to build security into
applications.
10.Information security incident management: It refers to anticipate and respond appropriately to
information security breaches.
11.Business continuity management: It deals with protecting, maintaining and recovering businesscritical processes and systems.
12.Compliance: It is used for ensuring conformance with information security policies, standards,
laws and regulations.
Answer option A is incorrect. Financial assessment does not come under the ISO/IEC 27002
standard.