Which three statements regarding ISO 27002 and COBIT are correct?

Which three statements regarding ISO 27002 and COBIT are correct? (Choose three.)
A. COBIT and ISO 27002 both define a best practices framework for IT controls.
B. COBIT focuses on information system processes, whereas ISO 27002 focuses on the security of the information systems.
C. ISO 27002 addresses control objectives, whereas COBIT addresses information security management process requirements.
D. Compared to COBIT, ISO 27002 covers a broader area in planning, operations, delivery, support, maintenance, and IT governance.
E. Unlike COBIT, ISO 27002 is used mainly by the IT audit community to demonstrate risk mitigation and avoidance mechanisms.

cisco-exams

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.