An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?
A.
International Organization for Standardization – 27004 (ISO/IEC 27004)
B.
Payment Card Industry Data Security Standard (PCI DSS)
C.
Control Objectives for Information and Related Technologies (COBIT)
D.
International Organization for Standardization – 27005 (ISO/IEC 27005)
The correct answer is A. ISO/IEC 27004 (Information security management – Monitoring, measurement, analysis and evaluation) is the standard dedicated to measuring the performance and effectiveness of an ISMS. It gives guidance on selecting measures, collecting and analysing the data behind them, and reporting the results, which is exactly what ISO/IEC 27001 clause 9.1 (Monitoring, measurement, analysis and evaluation) requires an organization to do.
Why This Standard is Best:
Provides a method for defining and evaluating measures tied to the ISMS security objectives and for tracking improvement over time.
Helps the organization demonstrate, with evidence, that ISMS performance supports its business and risk objectives.
Why Other Options Are Incorrect:
B. PCI DSS: A contractual standard for protecting cardholder data in payment environments; it prescribes controls for card data, not metrics for an ISMS.
C. COBIT: An IT governance and management framework; it addresses information security at the governance level but is not a standard for measuring ISMS performance.
D. ISO/IEC 27005: Provides guidance on information security risk management (risk identification, assessment and treatment), not on measuring ISMS performance.
References:
EC-Council course material identifies ISO/IEC 27004 as the standard for evaluating ISMS performance measurements and overall effectiveness.