Which standard outlines a comprehensive set of information security management guidelines?

The correct answer is ISO 27001, which provides a framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This standard lays out the requirements for organizations to effectively manage and protect sensitive information through a risk management approach. By adhering to ISO 27001, organizations can systematically identify, assess, and mitigate risks to their information assets, ensuring compliance with relevant regulations and enhancing overall security posture.

ISO 27001 emphasizes the importance of creating a tailored ISMS that suits the specific context and needs of the organization. It sets forth requirements for creating policies, defining roles and responsibilities, and ensuring that ongoing monitoring and review processes are in place for continuous improvement.

In contrast, ISO 27002 serves as a code of practice for information security controls, providing guidelines on implementing controls but not establishing a comprehensive management system. ISO 27005 focuses specifically on information security risk management and doesn't cover the full range of management guidelines like ISO 27001. ISO 22301 deals with business continuity management systems, which, while related, does not specifically address information security management as comprehensively as ISO 27001 does.