Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?
A . Payment Card Industry Digital Security Standard (PCI DSS)
B . National Institute of Standards and Technology (NIST) Special Publication 800-53
C . International Organization for Standardization C ISO 27001/2
D . British Standard 7799 (BS7799)
Answer: C
Leave a Reply