
Question

Which international standard provides guidelines for an information security management system (ISMS)?

a. ISO 9001
b. ISO/IEC 27001
c. ISO/IEC 20000
d. ISO 31000


Solution

The international standard that provides guidelines for an information security management system (ISMS) is ISO/IEC 27001.

Here's a step-by-step explanation:

  1. ISO 9001 is a standard that sets out the criteria for a quality management system. It is based on a number of quality management principles including a strong customer focus, the involvement of top management, a process approach, and continual improvement. So, this is not the correct answer.

  2. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems by applying a risk management process, and it gives assurance to company stakeholders that risk is being managed. So, this is the correct answer.

  3. ISO/IEC 20000 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfill agreed service requirements. So, this is not the correct answer.

  4. ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization. The purpose of ISO 31000:2018 is to provide principles and generic guidelines on risk management. So, this is not the correct answer.
