CISM - Information Security Program - Section 3.3
Apply industry standards and frameworks to guide the design and operation of the information security programme.
Apply industry standards such as ISO/IEC 27002, NIST SP 800-53, and CIS Controls to guide the design and day-to-day operation of the information security programme. Distinguish between these standards to select the most appropriate security baselines for the organisation's sector, regulatory obligations, and maturity level.
ISO/IEC 27002, NIST SP 800-53, CIS Controls, Security baselines
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.