ISO/IEC 27001 Overview

ISO/IEC 27001


Question

Which statement about ISO/IEC 27001 is true?

Answers

Explanations



C.

ISO/IEC 27001 is a globally recognized standard for information security management systems (ISMS). It provides a framework for the establishment, implementation, maintenance, and continual improvement of information security management within an organization.

Now, let's go through each answer option to determine which one is true:

A. ISO/IEC 27001 is only intended to report security breaches to the management authority. This statement is false. ISO/IEC 27001 is not limited to reporting security breaches to management; it is designed to manage and control information security across the organization.

B. ISO/IEC 27001 was reviewed by the International Organization for Standardization. This statement is partly true. ISO/IEC 27001 was indeed reviewed by the International Organization for Standardization (ISO), but it was developed jointly by ISO and the International Electrotechnical Commission (IEC) through their Joint Technical Committee (JTC1).

C. ISO/IEC 27001 is intended to bring information security under management control. This statement is true. The primary objective of ISO/IEC 27001 is to bring information security under management control by providing a systematic approach to managing sensitive company information, including people, processes, and IT systems.

D. ISO/IEC 27001 was reviewed by the International Electrotechnical Commission. This statement is partly true. As noted above, ISO/IEC 27001 was developed jointly by ISO and the International Electrotechnical Commission (IEC) through their Joint Technical Committee (JTC1).

E. ISO/IEC 27001 was published by ISO/IEC. This statement is false. While ISO/IEC 27001 was developed by the Joint Technical Committee (JTC1) of ISO and IEC, it was published by the International Organization for Standardization (ISO).

In summary, the correct answer is C. ISO/IEC 27001 is intended to bring information security under management control.