Which of the following standards pertains to practices for an information security management system?

Prepare for the PECB Certified ISO/IEC 27001 Lead Auditor Exam with our comprehensive quiz. Test your knowledge with multiple-choice questions and detailed explanations. Get exam-ready!

The correct answer is ISO/IEC 27002, as it specifically provides guidelines and best practices for implementing controls and managing security within an Information Security Management System (ISMS). This standard acts as a supplementary guideline to ISO/IEC 27001, which sets the requirements for establishing, implementing, maintaining, and continually improving an ISMS. While ISO/IEC 27001 outlines what should be done, ISO/IEC 27002 focuses on how to achieve those objectives through specific controls, thus playing a critical role in the practical application of an ISMS.

ISO/IEC 27000 serves more as an overview, defining key concepts and terminology related to the information security management system and isn’t primarily focused on practices or guidelines. ISO/IEC 27005 deals specifically with risk management related to information security, which is a distinct aspect rather than addressing overall practices. ISO/IEC 27003 provides guidance on the implementation of an ISMS but does not focus explicitly on the practices and controls themselves as ISO/IEC 27002 does. Therefore, ISO/IEC 27002 is the standard most relevant to practices for managing an information security management system effectively.

Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy