According to ISO/IEC 27001, what else must an incident management process include?

The incident management process of an organization enables them to prepare for and respond to information security incidents. In addition, the organization has procedures in place for assessing information security events. According to ISO/IEC 27001, what else must an incident management process include? A. Processes for using knowledge gained from...

September 20, 2024 No Comments READ MORE +

Based on scenario 2, which information security principle is the IT team aiming to ensure by establishing a user authentication process that requires user identification and password when accessing sensitive information?

Scenario 2: Beauty is a cosmetics company that has recently switched to an e-commerce model, leaving the traditional retail. The top management has decided to build their own custom platform in-house and outsource the payment process to an external provider operating online payments systems that support online money transfers. Due...

September 18, 2024 No Comments READ MORE +

Based on scenario 3. which information security control of Annex A of ISO/IEC 27001 did Socket Inc. implement by establishing a new system to maintain, collect, and analyze information related to information security threats?

Scenario 3: Socket Inc is a telecommunications company offering mainly wireless products and services. It uses MongoDB. a document model database that offers high availability, scalability, and flexibility. Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did...

September 18, 2024 No Comments READ MORE +

Which principle of information security has been affected in this case?

Scenario 1: HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using a web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients' data and medical history, and communicate with all the [^involved parties,...

September 18, 2024 No Comments READ MORE +

Which security controls must be implemented to comply with ISO/IEC 27001?

Which security controls must be implemented to comply with ISO/IEC 27001?A . Those designed by the organization onlyB . Those included in the risk treatment planC . Those listed in Annex A of ISO/IEC 27001, without any exceptionView AnswerAnswer: B Explanation: ISO/IEC 27001:2022 does not prescribe a specific set of...

September 17, 2024 No Comments READ MORE +

Which situation described in scenario 1 represents a threat to HealthGenic?

Scenario 1: HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using a web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients' data and medical history, and communicate with all the [^involved parties,...

September 17, 2024 No Comments READ MORE +

An organization wants to enable the correlation and analysis of security-related events and other recorded data and to support investigations into information security incidents.

An organization wants to enable the correlation and analysis of security-related events and other recorded data and to support investigations into information security incidents. Which control should it implement7 A. Use of privileged utility programs B. Clock synchronization C. Installation of software on operational systemsView AnswerAnswer: B Explanation: Clock synchronization...

September 15, 2024 No Comments READ MORE +

Based on scenario 5. after migrating to cloud. Operaze's IT team changed the ISMS scope and implemented all the required modifications Is this acceptable?

Scenario 5: Operaze is a small software development company that develops applications for various companies around the world. Recently, the company conducted a risk assessment to assess the information security risks that could arise from operating in a digital landscape. Using different testing methods, including penetration Resting and code review,...

September 14, 2024 No Comments READ MORE +

Who should be involved, among others, in the draft, review, and validation of information security procedures?

Who should be involved, among others, in the draft, review, and validation of information security procedures?A . An external expertB . The information security committeeC . The employees in charge of ISMS operationView AnswerAnswer: B Explanation: According to ISO/IEC 27001:2022, clause 7.5.1, the organization shall ensure that the documented information...

September 14, 2024 No Comments READ MORE +

What type of control is this?

Scenario 2: Beauty is a cosmetics company that has recently switched to an e-commerce model, leaving the traditional retail. The top management has decided to build their own custom platform in-house and outsource the payment process to an external provider operating online payments systems that support online money transfers. Due...

September 13, 2024 No Comments READ MORE +