Which three statements regarding ISO 27002 and COBIT are correct? (Choose three.)

A.
COBIT and ISO 27002 both define a best practices framework for IT controls.

B.
COBIT focuses on information system processes, whereas ISO 27002 focuses on the security
of the information systems.

C.
ISO 27002 addresses control objectives, whereas COBIT addresses information security
management process requirements.

D.
Compared to COBIT, ISO 27002 covers a broader area in planning, operations, delivery,
support, maintenance, and IT governance.

E.
Unlike COBIT, ISO 27002 is used mainly by the IT audit community to demonstrate risk
mitigation and avoidance mechanisms.

Explanation: