Certified Secure Software Lifecycle Professional (CSSLP) — Question 91

Which of the following sections come under the ISO/IEC 27002 standard?

Answer options

• A. Security policy
• B. Asset management
• C. Financial assessment
• D. Risk assessment

Correct answer: C

Explanation

The correct answer is C, as the ISO/IEC 27002 standard primarily focuses on information security management and does not specifically cover financial assessments. Options A and B are relevant to the standard, while D pertains to risk management practices that are outlined in other standards.