International Standards Organization (ISO) - CORRECT ANSWERS-is an international
standards body composed of representatives from various standards organizations.
ISO/IEC 27001 - CORRECT ANSWERS-Standard on managing Information Security. It
includes requirements for establishing,
implementing, maintaining, and continually improving information management.
ISO/IEC 27002 - CORRECT ANSWERS-provides best practices on information security
controls for those attempting to be ISO/IEC 27001.
ISO/IEC 27017 - CORRECT ANSWERS-created to supplement ISO/IEC 27002 to
provide additional security controls for the cloud.
ISO/IEC 27018:2014
ISO/IEC 27018:2019 - CORRECT ANSWERS-IT Security techniques. Code of practice
for protection of PII in public clouds.
ISO/IEC 27034-1 - CORRECT ANSWERS-mandates a framework for application
security within an organization.
ISO/IEC 28000:2007 - CORRECT ANSWERS-standard for ensuring security assurance
in the supply chain.
ISO/IEC 31000:2009 - CORRECT ANSWERS-standard providing industry independent
principles and guidelines on risk management.
NIST - CORRECT ANSWERS-National Institute of Standards and Technology is an
agency of the Department of Commerce whose mission is to promote innovation and
industrial competitiveness. It also creates numerous standards and requirements for the
DoD, Federal Government, and government contractors relating to Cyber security.
NIST SP 800-37 - CORRECT ANSWERS-Risk Management Framework using a life
cycle approach for security and privacy.
NIST SP 800-53 - CORRECT ANSWERS-provides security and privacy controls for
information systems and organizations.
NIST SP 800-92 - CORRECT ANSWERS-Guide to Computer Security Log
Management
ISO 27034 - CORRECT ANSWERS-There is only one ONF for an organization but
potentially as many ANFs as applications.
- Application Normative Framework (ANF)