Certified Chief Information Security Officer (CCISO) — Question 31
An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System.
Which of the following international standards can BEST assist this organization?
Answer options
- A. Payment Card Industry Data Security Standard (PCI-DSS)
- B. International Organization for Standardization – 27005 (ISO-27005)
- C. International Organization for Standardization – 27004 (ISO-27004)
- D. Control Objectives for Information Technology (COBIT)
Correct answer: C
Explanation
ISO/IEC 27004 gives guidance on the monitoring, measurement, analysis and evaluation of an Information Security Management System, i.e. how to define metrics and judge whether the ISMS and its controls are performing as intended (the activity ISO/IEC 27001 requires under performance evaluation). That is exactly what the organization is asking for, so it is the best choice. The other options address different needs: PCI-DSS is a contractual standard for protecting payment card data, ISO/IEC 27005 provides guidance on information security risk management, and COBIT is a framework for governance and management of enterprise IT rather than a method for measuring ISMS efficiency and effectiveness.