IT Security Management Quiz

To ensure compliance with financial regulations

To protect critical assets in a cost-effective manner

To develop new software applications

To manage human resources

Global Standards Institute

International Security Association

World Health Organization

International Organization for Standardization

Standards for hardware security

Techniques for software development

Requirements for establishing an ISMS

Guidelines for financial management

ISO 27001:2005

ISO 27002:2005

ISO 27003:2010

ISO 27004:2009

To provide guidelines for risk assessment

To focus on performance evaluation and metrics

To outline the certification process

To define key terms in information security

ISO 27002:2005

ISO 27006:2007

ISO 27001:2005

ISO 27005:2011

Do: Implement the planned processes

Check: Monitor and evaluate effectiveness

Plan: Identify information security needs

Act: Take corrective actions

A marketing strategy

A software development plan

A financial strategy for the organization

A comprehensive list of potential risks

Brainstorming sessions

Workshops

Surveys

Interviews or consultations

To accept risks without action

To eliminate all risks

To limit the impact of risks

To transfer risks to another party