The following scenario will be used for questions 26, 27, and 28. Trent is the new manager of his company’s internal software de

admin2013-12-19 53

问题 The following scenario will be used for questions 26, 27, and 28.
Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Web Application Security Consortium, and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero day vulnerability.
Which of the following is most likely the standard Trent’s company wants to comply with?

选项 A、ISO/IEC 27005
B、ISO/IEC 27001
C、ISO/IEC 27034
D、BS 7799

答案C

解析 C正确。ISO／IEC 27034是一个国际标准，它为组织将安全性整合到用于管理应用程序的流程提供了指南。它适用于内部开发的应用程序、从第三方获得的应用程序以及应用程序的开发和运算是外包的情况。
A不正确。因为ISO／IEC 27005：2001为信息安全风险管理提供了指导方针。ISO／IEC 27005：2001支持ISO／IEC 27001，并且它的设计是为了帮助基于风险管理方法的信息安全的正确实现。
B不正确。因为ISO／IEC 27001：2005详细说明了在组织的整体业务风险的情况中，建立、实现、运行、监控、审查、维护和提高文档化的信息安全管理系统的需求。它还详细说明了依单个组织或单个组织的部分部门而定制的安全控制实现的需求。
D不正确。因为BS 7799是由英国政府的贸易与工业部所撰写的，它概述了信息安全管理体系(Information Security Management，ISMS，又叫安全项目)应该如何构建和维护。它的目的是为组织提供如何设计、实现和维护政策、过程和技术，以管理其敏感信息资产的风险提供指导方针。

转载请注明原文地址:https://jikaoti.com/ti/3EO7FFFM

CISSP认证

相关试题推荐

随机试题

最新回复(0)

The following scenario will be used for questions 26, 27, and 28. Trent is the new manager of his company’s internal software de

CISSP认证

Salt,shellsormetalsarestillusedasmoneyinout-the-waypartsoftheworldtoday.Saltmayseemratherastrange【C1】__

AsformercolonistsofGreatBritain,theFoundingFathersoftheUnitedStatesadoptedmuchofthelegalsystemofGreatBritai

In1930,whentheworldwas"sufferingfromabadattackofeconomicpessimism",JohnMay-nardKeyneswroteabroadlyoptimisti

Writeanessayof160-200wordsbasedonthefollowingpictures.Inyouressay,youshould1)describethepicturesbriefly,

Writeanessayof160-200wordsbasedonthefollowingdrawing.Inyouressay,youshould1)describethedrawingbriefly,

Writeanessayof160-200wordsbasedonthefollowingdrawing.Inyouressay,youshould1)describethedrawingbriefly,

Howmenfirstlearnedtoinventwordsisunknown;inotherwords,theoriginoflanguageisamystery.Allwereallyknowistha

"THESERVANT"(1963)isoneofthosefilmsthatitisimpossibletoforget.Theservantexploitshismaster’sweaknessesuntilh

YouhavelosttheoriginalofyourundergraduatediplomainBusinessAdministration.Writealettertothesecretaryofthedepa

Advertisingwasjustonebusinessmodelthatpeopleconsideredatthestart.Googleoriginallythoughtmaybe15percentofthe

Ilikedlettersonwhichtheirhandwritingwasrushedandslightlyillegible,becauseifIhadtroubledecipheringthehandwriti

机动车仪表板上（如图所示）这个符号表示什么？

在某一操作条件下，管线的实际输气量为28×104m3／d，在该条件下计算的理论通过量为35×104m3／d，该管线目前运行状况()。

X线片上成人脊柱结核和脊柱肿瘤的主要鉴别点是

血容量不足时中心静脉压往往低于多少cmH2O(1cmH2O＝0.098kPa)

下列关于债券型理财产品的风险的说法，不正确的是()。

【2015广西】人发展的顺序性要求教育根据人发展的成熟机制，抓住发展的关键期，以促进其发展。()

在窗体上画两个文本框，其名称分别为Text1和Text2，然后编写如下程序：PrivateSubForm_Load()Text1．Text=””：Text2．Text=""：Text1．SetFocusEndSub

WhenwethinkofHollywood—atermIuselooselytodescribeAmericanmovieproductioningeneral,notsimplyfilmsmadeinLos