What type of security control has been implemented in this case?
Scenario 2: Beauty is a cosmetics company that has recently switched to an e-commerce model, leaving traditional retail behind. The top management has decided to build their own custom platform in-house and outsource the payment process to an external provider operating online payment systems that support online money transfers. Due...
What is the impact of this action?
An employee of the organization accidentally deleted customers' data stored in the database. What is the impact of this action?
A. Information is not accessible when required
B. Information is modified in transit
C. Information is not available to only authorized users
Answer: A
Explanation: According to ISO/IEC 27001:2022, availability...
Which control category does this control belong to?
An organization has implemented a control that enables the company to manage storage media through their life cycle of use, acquisition, transportation and disposal. Which control category does this control belong to?
A. Organizational
B. Physical
C. Technological
Answer: B
Explanation: According to ISO/IEC 27001:2022, the control that enables the...
Which statement below suggests that Beauty has implemented a managerial control that helps avoid the occurrence of incidents?
Scenario 2: Beauty is a cosmetics company that has recently switched to an e-commerce model, leaving traditional retail behind. The top management has decided to build their own custom platform in-house and outsource the payment process to an external provider operating online payment systems that support online money transfers. Due...
Which level of maturity does this control refer to?
An organization has adopted a new authentication method to ensure secure access to sensitive areas and facilities of the company. It requires every employee to use a two-factor authentication (password and QR code). This control has been documented, standardized, and communicated to all employees; however, its use has been "left...
What led Operaze to implement the ISMS?
Scenario 5: Operaze is a small software development company that develops applications for various companies around the world. Recently, the company conducted a risk assessment to assess the information security risks that could arise from operating in a digital landscape. Using different testing methods, including penetration testing and code review,...
Based on scenario 3, what would help Socket Inc. address similar information security incidents in the future?
Scenario 3: Socket Inc. is a telecommunications company offering mainly wireless products and services. It uses MongoDB, a document model database that offers high availability, scalability, and flexibility. Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did...
What is the next step that Operaze's ISMS implementation team should take after drafting the information security policy?
Scenario 5: Operaze is a small software development company that develops applications for various companies around the world. Recently, the company conducted a risk assessment to assess the information security risks that could arise from operating in a digital landscape. Using different testing methods, including penetration testing and code review,...
What does this statement describe?
"The ISMS covers all departments within Company XYZ that have access to customers' data. The purpose of the ISMS is to ensure the confidentiality, integrity, and availability of customers' data, and ensure compliance with the applicable regulatory requirements regarding information security." What does this statement describe?
A. The information systems...