Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Select two.)
A.
COBIT
B.
NIST
C.
ISO 27000 series
D.
ITIL
E.
OWASP
Explanation:
C & E are the correct answers. ITIL is NOT a security framework, ISO/IEC 27000 is.
0
3
Correct and answers are B and C. NIST (National Institute of Standards and Technology) produced a useful patch and vulnerability management program framework in its Special Publication (NIST SP 800-40).
4
1