(True or false) ISO 27002 can be used to certify an enterprise's information securitysystem.A. TrueB. False
Question
(True or false) ISO 27002 can be used to certify an enterprise's information security system.
A. True
B. False
Solution
Understanding the Question
The statement asked is whether ISO 27002 can be used to certify an enterprise's information security system.
Relevant Concepts
- ISO 27001 and ISO 27002:
- ISO 27001 is the specification for an information security management system (ISMS), and it is the standard against which companies can be certified.
- ISO 27002, on the other hand, is a code of practice that provides guidelines for organizational information security standards, offering best practices for implementing information security controls but does not itself provide a certification.
Analysis
- ISO 27001: Companies looking to get certified in information security need to comply with ISO 27001.
- ISO 27002: While it supports the implementation of an ISMS per ISO 27001, it does not offer certification on its own.
Conclusion
Based on the distinction between the two standards:
Final Answer: B. False. ISO 27002 does not provide certification for an enterprise's information security system.
Similar Questions
True or False: Encrypting sensitive information is an example of a technical safeguard.TrueFalse
An Unknown-Unknown risk is assessed in the ISO 31000:2018 Risk Management process because it can be identified. Select one: True False
The Incident Safety Officer (ISO) is responsible for monitoring for hazardous or unsafe situations. True False
SecOps content engineering is the function that builds alerting profiles which identify the alerts that will be forwarded for investigation.1 pointTrue False
The original version of IAS 32 Financial Instruments: Disclosure and Presentation was published in March 1996.Select one:TrueFalse
Upgrade your grade with Knowee
Get personalized homework help. Review tough concepts in more detail, or go deeper into your topic by exploring other relevant questions.