Prepare for your Ethical Hacking Essentials Test. Study with flashcards and multiple choice questions with detailed hints and explanations. Enhance your cybersecurity skills and get ready for your exam!




Which ISO/IEC standard specifies the requirements for an information security management system?

  1. ISO/IEC 27001:2013

  2. ISO/IEC 27002:2013

  3. ISO/IEC 27005:2011

  4. ISO/IEC 27017:2015

The correct answer is: ISO/IEC 27001:2013

ISO/IEC 27001:2013 is the standard that specifies the requirements for an information security management system (ISMS). It sets out a systematic approach to managing sensitive company information so that its confidentiality, integrity, and availability are protected. By adhering to this standard, organizations can establish, implement, maintain, and continually improve their ISMS in the context of their overall business risks. It is the only standard among the four options against which an organization can be formally certified, which is why it is the one that "specifies requirements" rather than offering guidance. Its clauses cover the context of the organization, leadership responsibility, risk assessment and risk treatment, performance evaluation, and continual improvement of the management system; Annex A lists the reference controls that the risk treatment plan selects from.

The other standards listed are related to information security but serve different, supporting purposes:

  - ISO/IEC 27002:2013 is a code of practice that gives implementation guidance for the controls listed in Annex A of ISO/IEC 27001. It describes how to implement controls; it does not define the requirements for an ISMS.
  - ISO/IEC 27005:2011 provides guidelines for information security risk management, supporting the risk assessment and treatment requirements in ISO/IEC 27001.
  - ISO/IEC 27017:2015 extends the ISO/IEC 27002 control guidance to cloud services, with additional guidance for both cloud service providers and cloud service customers.

Each of these plays a supporting role in the framework set by ISO/IEC 27001:2013, but none of them defines the overall requirements for an ISMS. Note that the exam question uses the 2013 edition; ISO/IEC 27001 and ISO/IEC 27002 have since been revised in their 2022 editions, but the distinction between the requirements standard (27001) and the guidance standards (27002, 27005, 27017) is unchanged.