An organization has implemented a control that enables the company to manage storage media through their life cycle of use. acquisition, transportation and disposal.
Which control category does this control belong to?
A. Organizational
B. Physical
C. Technological
Answer: B
Explanation:
According to ISO/IEC 27001:2022, the control that enables the organization to manage storage media through their life cycle of use, acquisition, transportation and disposal belongs to the category of physical and environmental security. This category covers the controls that prevent unauthorized physical access, damage and interference to the organization’s information and information processing facilities. The specific control objective for this control is A.11.2.7 Secure disposal or reuse of equipment1, which states that "equipment containing storage media shall be checked to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal or reuse."2
Reference: ISO/IEC 27001:2022, Annex A
ISO/IEC 27002:2022, clause 11.2.7
Latest ISO-IEC-27001 Lead Implementer Dumps Valid Version with 50 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund