An organization wants to enable the correlation and analysis of security-related events and other recorded data and to support investigations into information security incidents.

Which control should it implement?

A. Use of privileged utility programs

B. Clock synchronization

C. Installation of software on operational systems

Answer: B

Explanation:

Clock synchronization is the control that enables the correlation and analysis of security-related events and other recorded data and supports investigations into information security incidents. According to ISO/IEC 27001:2022, Annex A, control A.8.23.1 states: “The clocks of all relevant information processing systems within an organization or security domain shall be synchronized with an agreed accurate time source.” This ensures that the timestamps of events and data are consistent and accurate across different systems and sources, which facilitates the identification of causal relationships, patterns, trends, and anomalies. Clock synchronization also helps to establish the sequence of events and the responsibility of the parties involved in an incident.

Reference: ISO/IEC 27001:2022, Annex A, control A.8.23.1

PECB ISO/IEC 27001 Lead Implementer Course, Module 7, slide 21
