CompTIA CySA+ (CS0-003) — Question 109
The Chief Information Security Officer (CISO) of a large management firm has selected a cybersecurity framework that will help the organization demonstrate its investment in tools and systems to protect its data. Which of the following did the CISO most likely select?
Answer options
- A. PCI DSS
- B. COBIT
- C. ISO 27001
- D. ITIL
Correct answer: C
Explanation
The correct answer is ISO 27001, as it provides a systematic approach to managing sensitive company information, ensuring data security. PCI DSS focuses specifically on payment card data security, COBIT is primarily for governance and management of IT, and ITIL centers on IT service management; none of these is as comprehensive for data protection as ISO 27001.