The incident management process of an organization enables it to prepare for and respond to information security incidents. In addition, the organization has procedures in place for assessing information security events.
According to ISO/IEC 27001, what else must an incident management process include?
A. Processes for using knowledge gained from information security incidents
B. Establishment of two information security incident response teams
C. Processes for handling information security incidents of suppliers as defined in their agreements
Answer: A
Explanation:
According to ISO/IEC 27001, an incident management process must include processes for using the knowledge gained from information security incidents to reduce the likelihood or impact of future incidents and to strengthen the organization's information security controls. In practice this means that the organization conducts a root cause analysis of each incident, identifies the lessons learned, and implements corrective actions to prevent recurrence or mitigate consequences. The organization should also document and communicate the results of the incident management process to relevant stakeholders and update the risk assessment and risk treatment plan accordingly. Option B is incorrect because the standard does not prescribe a number of incident response teams, and option C is incorrect because handling incidents involving suppliers is governed by the supplier agreements themselves (Annex A control 5.20) rather than being a required element of the incident management process.
Reference: ISO/IEC 27001:2022 Lead Implementer study guide and documents, specifically:
ISO/IEC 27001:2022, clause 10.2 Nonconformity and corrective action
ISO/IEC 27001:2022, Annex A controls 5.24 to 5.28 Information security incident management, in particular A.5.27 Learning from information security incidents (these replace Annex A.16 of the 2013 edition)
ISO/IEC TS 27022:2021, clause 7.5.3.16 Information security incident management process
PECB ISO/IEC 27001 Lead Implementer Course, Module 9: Incident Management