CISSP – Information Systems Security Management Professional (ISSMP) — Question 62

Which of the following sections come under the ISO/IEC 27002 standard?

Answer options

• A. Financial assessment
• B. Asset management
• C. Security policy
• D. Risk assessment

Correct answer: B, C, D

Explanation

The ISO/IEC 27002 standard includes guidance on establishing, implementing, and maintaining information security management practices. Asset management, security policy, and risk assessment are all critical areas covered by the standard, whereas financial assessment is not part of its scope.