2018-02-19_isms_27001_fnd_en_sample_set01_v2, Group A


1) What is correct with respect to the PDCA cycle?
a) PDCA describes the characteristics of information to be maintained in the context of information security. (0%)
b) The structure of the ISO/IEC 27001 standard is based, at least in parts, on the PDCA approach.
c) P stands for "Plan", D for "Do", C for "Check" and A for "Act".

2) According to the section "context of the organization" of ISO/IEC 27001, which of the following activities are required?
a) Determine the requirements of interested parties relevant to information security
b) Establish organizational responsibilities for suppliers in collaboration with administrative units (0%)
c) Determine the interested parties that are relevant to the ISMS

3) What do persons need to be aware of when doing work under the control of an organization that claims conformity against ISO/IEC 27001?
a) The implications of not conforming with the ISMS requirements
b) All information security risk treatment actions according to the risk treatment plan (0%)
c) Their contribution to the effectiveness of the ISMS

4) What is correct with respect to the ISO/IEC 27001 standard?
a) The standard specifies requirements for bodies providing audit and certification of information security management systems. (0%)
b) The standard defines requirements for an information security management system (ISMS).
c) The standard is part of a larger family of standards.

5) Which of the following standards from the ISO/IEC 27000 family contain general, non-sector-specific guidelines?
a) ISO/IEC 27006 (0%)
b) ISO/IEC 27019 (0%)
c) ISO/IEC 27002

6) Which of the following statements are correct with respect to controls?
a) All measures formulated in ISO/IEC 27001 Annex A are of a purely organizational nature. (0%)
b) Controls may cover processes and policies.
c) All controls formulated in ISO/IEC 27001 (Annex A) are of a technical nature. (0%)

7) According to ISO/IEC 27001, what must an organization do as part of their information security risk treatment process?
a) Formulate an information security risk treatment plan
b) Evaluate information security risks (0%)
c) Determine the controls that are necessary to implement the information security risk treatment option(s) chosen

8) Which are the steps that need to be defined and implemented as part of the information security risk assessment process?
a) Identify information security risks
b) Avoid information security risks (0%)
c) Treat information security risks (0%)

9) According to ISO/IEC 27001, section "Support" (7), what shall an organization do to effectively establish and operate an ISMS?
a) Ensure that the security officer has released and approved the information security policy (0%)
b) Determine and maintain necessary documentation
c) Ensure that relevant persons are aware of their contribution to the effectiveness of the ISMS

10) Which of the following steps need to be performed (among others) by an organization to introduce, maintain, and/or improve an ISMS?
a) Identification of information assets and related information security requirements (required level of protection)
b) Reporting of serious information security incidents to supervisory authorities (0%)
c) Distribution of the risk treatment plan to all interested parties (0%)

11) According to ISO/IEC 27001, section "Leadership" (5), which of the following activities are required by top management to demonstrate their accountability for and commitment to information security and the ISMS?
a) Attend all meetings of the computer emergency response team (CERT) (0%)
b) Ensure that the resources needed for the ISMS are available
c) Ensure that the information security policy and the information security objectives are established and are compatible with the strategic direction of the organization

12) What is confidentiality?
a) Property that information is well-known and communicated (0%)
b) Property that an entity is what it claims to be (0%)
c) Property that information is not made available or disclosed to unauthorized individuals

13) What should internal ISMS audits provide information about?
a) Whether the ISMS meets the organization's requirements.
b) Whether the ISMS is being effectively implemented and maintained.
c) Which information security incidents could have been avoided. (0%)

14) ISO/IEC 27001 defines control objectives and controls for...
a) Asset management
b) Human resource security
c) Physical and environmental security

15) While operating an ISMS according to ISO/IEC 27001, which of the following activities are required in connection with managing information security risks?
a) Risk assessments shall be carried out at planned intervals.
b) Every risk assessment shall be followed by a management review of the ISMS. (0%)
c) A risk assessment shall be carried out when significant changes are about to occur.

16) Which of the following frameworks, standards, or standard families are primarily concerned with IT or information security (or are referred to as IT or information security standards)?
a) FitSM (0%)
b) ISO/IEC 27000
c) ISIS12

17) Which of the following activities would top management carry out to demonstrate their engagement in connection with an ISMS?
a) Assess all information security risks (0%)
b) Show clear commitment to information security objectives
c) Conduct audit interviews with all employees (0%)

18) Which of the following statements are correct with respect to ISO/IEC 27001, Annex A?
a) Annex A is normative, and where exclusions are made, they must be justified.
b) Annex A defines control objectives for information security.
c) Annex A is a catalog of security threats. (0%)

19) What is correct with respect to controls in the context of the ISO/IEC 27000 standard?
a) In Annex A of the ISO/IEC 27001 standard, each control refers to one or more control objectives. (0%)
b) ISO/IEC 27002 covers the same set of controls as defined in Annex A of ISO/IEC 27001.
c) Controls are defined in Annex A of the ISO/IEC 27001 standard.

20) Which of the following situations reflect a violation of integrity?
a) Information in a document was made available to an unauthorized individual. (0%)
b) Information was added to a document by an unauthorized individual.
c) A document has not been encrypted. (0%)

21) What must be subject to continual improvement according to ISO/IEC 27001, section "Improvement" (10)?
a) The lawfulness of the ISMS (0%)
b) The effectiveness of the ISMS
c) The accuracy of the ISMS (0%)

22) What are the criteria that must be defined and applied as part of the information security risk assessment process according to ISO/IEC 27001?
a) Criteria for performing assessments of risk treatment actions (0%)
b) Risk acceptance criteria
c) Risk documentation criteria (0%)

23) Which of the following statements are correct with respect to Annex A of ISO/IEC 27001, in particular in the context of information security risk treatment?
a) Annex A contains a scope statement that must be adopted by all organizations that claim conformity against ISO/IEC 27001. (0%)
b) Annex A contains a comprehensive list of control objectives and controls.
c) Annex A provides an overview of the most relevant information security threats that need to be considered when assessing information security risks. (0%)

24) An audit is a process intended to determine the extent to which audit criteria are fulfilled. According to ISO/IEC 27000, which of the following characteristics must the audit process have?
a) It must be systematic.
b) It must be controlled by an external party. (0%)
c) It must be documented.

25) Which of the following statements are correct with respect to confidentiality and integrity of information?
a) An appropriate level of confidentiality and integrity can only be achieved by the use of encryption and digital signatures. (0%)
b) Confidentiality is the result of protecting information against its disclosure to unauthorized persons.
c) Information that is not confidential cannot be protected in its integrity. (0%)

26) For which topics does ISO/IEC 27001 (Annex A) define control objectives and controls in the context of section "Operations security" (A.12)?
a) Information classification (0%)
b) Protection from malware
c) Logging and monitoring

27) For which of the following topics does ISO/IEC 27001 define control objectives and controls in Annex A?
a) Energy efficiency (0%)
b) Organization of information security
c) Compliance

28) Which properties of information should be maintained in the context of information security?
a) Integrity
b) Confidentiality
c) Invulnerability (0%)

29) What is correct with respect to processes in the context of the ISO/IEC 27000 family of standards?
a) According to ISO/IEC 27000, a process is a set of interrelated activities that transform inputs to outputs.
b) ISO/IEC 27002 defines 14 information security processes to ensure that the objectives from Annex A of ISO/IEC 27001 can be achieved. (0%)
c) Processes are part of a management system.

30) Which of the following statements are correct with respect to internal audits and management reviews?
a) A management review is carried out by the organization's top management.
b) Internal audits are carried out by the organization's top management. (0%)
c) Management reviews must be carried out at planned intervals.