What is the standard definition of ISMS?
A. Is an information security systematic approach to achieve business objectives for implementation, establishing, reviewing, operating and maintaining organization's reputation.
B. A company-wide business objective to achieve information security awareness for establishing, implementing, operating, monitoring, reviewing, maintaining and improving
C. A project-based approach to achieve business objectives for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security
D. A systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security to achieve business objectives.
Answer: D
Explanation:
The standard definition of an ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security to achieve business objectives. This definition is given in clause 3.17 of ISO/IEC 27001:2022, and it describes the main components and purpose of an ISMS. An ISMS is not a project-based approach, because it is an ongoing process that requires continual improvement. An ISMS is not a company-wide business objective, because it is a management system that supports the organization's objectives. An ISMS is not merely an "information security systematic approach", because it is a broader concept that encompasses the organization's context, risks, controls, and performance.
Reference: CQI & IRCA ISO 27001:2022 Lead Auditor Course Handbook, page 15; ISO/IEC 27001:2022, clause 3.17.