Which two common security frameworks are used today to assess and validate a vendor’s security practices? (Choose two.)
A. Data Science Council of America
B. Building Security in Maturity Model
C. ISO 27001
D. NIST Cybersecurity Framework
Answer: B, C
Explanation:
The Building Security in Maturity Model (BSIMM) is a framework that measures and compares the security activities of different organizations. It helps organizations to assess their current security practices and identify areas for improvement. ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and improving an information security management system. It helps organizations to manage their information security risks and demonstrate their compliance with best practices. Data Science Council of America (DASCA) is not a security framework, but a credentialing body for data science professionals. NIST Cybersecurity Framework (NIST CSF) is a security framework, but it is not commonly used to assess and validate a vendor’s security practices, as it is more focused on improving the cybersecurity of critical infrastructure sectors in the United States.
Reference: [BSIMM], [ISO 27001], [DASCA], [NIST CSF].