Caroline has been asked to find an international standard to guide her company’s choices in implementing information security management systems. Which of the following would be the best choice for her?

Caroline should select ISO 27002. ISO 27002 is an international standard for imple-menting and maintaining information security systems. ISO 27701 is an international standard security technique for privacy information management systems; NIST 800-12 is a general security standard and it is a US standard, not an international one; and NIST 800-53 is a collection of security and privacy controls for information systems and organizations.