Which of the following sections come under the ISO/IEC 27002 standard?

A.
Security policy

B.
Asset management

C.
Financial assessment

D.
Risk assessment

Explanation:
ISO/IEC 27002 is an information security standard published by the International
Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC)
as ISO/IEC 17799:2005. This standard contains the following twelve main sections: 1.Risk
assessment: It refers to assessment of risk. 2.Security policy: It deals with the security
management. 3.Organization of information security: It deals with governance of information
security. 4.Asset management: It refers to inventory and classification of information assets.
5.Human resources security: It deals with security aspects for employees joining, moving and
leaving an organization. 6.Physical and environmental security: It is related to protection of the
computer facilities. 7.Communications and operations management: It is the management of
technical security controls in systems and networks. 8.Access control: It deals with the restriction
of access rights to networks, systems, applications, functions and data. 9.Information systems
acquisition, development and maintenance: It refers to build security into applications.
10.Information security incident management: It refers to anticipate and respond appropriately to
information security breaches. 11.Business continuity management: It deals with protecting,
maintaining and recovering business-critical processes and systems.
12.Compliance: It is used for ensuring conformance with information security policies, standards,
ISO/IEC 27002 standard.