Which framework provides a comprehensive approach to managing information security within an organization?

  A. COSO
  B. ISO/IEC 27001 ✓
  C. ITIL
  D. COBIT

Correct answer: ISO/IEC 27001

Option B is correct because ISO/IEC 27001 is an internationally recognized standard specifically designed to establish, implement, maintain, and continually improve an Information Security Management System (ISMS), providing a comprehensive and certifiable framework for managing information security risk across an organization. Option A is incorrect because COSO is a framework focused on enterprise risk management and internal financial controls, not information security management. Option C is incorrect because ITIL is a framework for IT service management best practices and does not specifically govern information security programs. Option D is incorrect because COBIT is primarily a governance and management framework for enterprise IT, covering a broader IT governance scope rather than being dedicated to information security.

Topic: Security Program Management and Oversight · iso 27001, isms, information security frameworks, governance

Practice CompTIA Security+ (SY0-701) Questions Free