Which ISO standard specifies requirements for establishing information security management systems?

The correct choice identifies ISO/IEC 27001 as the standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This standard provides a systematic approach to managing sensitive company information, ensuring that it remains secure. It includes comprehensive guidelines that organizations can follow to assess their information security risks, implement appropriate controls, and demonstrate compliance with legal, regulatory, and contractual requirements.

ISO/IEC 27001 is foundational for organizations aiming to secure their information assets and provides a clear framework that enhances their ability to protect data against unauthorized access and breaches. The standard emphasizes a risk-based approach, ensuring organizations continuously improve their security posture.

Other standards mentioned, such as ISO/IEC 27043:2015, ISO/IEC 27050-1:2016, and ISO/IEC 27042:2015, relate to specific aspects of information security management but do not serve as the primary standard that outlines the requirements for establishing an ISMS like ISO/IEC 27001 does.