* ISO 27001 is the formal set of specifications against which organizations may seek independent certification of their ISMS.
* ISO 27001 contains a structured set of suggested controls that may be used by organizations as appropriate to address information security risk.
Reference from CISA Review Manual (p.109)