Which of the following is not a standard or framework addressing incident response? (Wentz QOTD)
A. Information Technology Infrastructure Library (ITIL)
B. NIST SP 800-61
C. ISO 27035
D. ISO 31000
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. ISO 31000.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Reference
以下哪一項不是處理事件回應的標准或框架? (Wentz QOTD)
A. 信息技術基礎設施庫 (ITIL)
B. NIST SP 800-61
C. ISO 27035
D. ISO 31000