Exam (elaborations)
ISO 27001 LEAD AUDITOR -ADVISERA EXAM
- Course
- Institution
ISO 27001 LEAD AUDITOR -ADVISERA EXAM...
[Show more]
Content preview
ISO 27001 LEAD AUDITOR -ADVISERAEXAM
Information Security and IT Security are the same thing - ANSWER False
An Information Security Management System is a systematic approach for
managing and protecting a company's information. - ANSWER True
The PDCA cycle is - ANSWER A method used for implementation and
maintenance of an Information Security Management System in organizations
The following roles are common in the ISMS implementation process -
ANSWER Project team
Top management
Project manager
Achieving compliance is one of the main benefits of implementing ISO 27001 -
ANSWER True
ISO 27001 requires the identification of interested parties significant for the
information security in your organization to be documented. - ANSWER False
In order to define the ISMS scope, the company shoulder consider: - ANSWER
1. Requirements of the interested parties
2. External and internal issues
3. Activities that are carried out by your organization and the activities
performed by other organizations, such as partners, associates, or an
outsourcing company; how those activities are related; and how they depend on
each other
When defining the information security objectives, the following aspects should
be taken into consideration: - ANSWER 1. Should be aligned with Information
Security policy
2. Should be measurable
3. Should be updated in order to reflect the current situation of the company and
its ISMS
, 4. Should be communicated to all interested parties
Regarding the resources, ISO 27001 requires companies to: - ANSWER 1.
identify the needed resources for the ISMS
2. ensure they are available for everyday operation
3. ensure they are available for continual improvement of the ISMS
Regarding competences, ISO 27001 requires the company to: - ANSWER 1.
Define necessary competences of employees related to information security
2. Make sure that employees have the appropriate training and experience
3. Keep documented evidence that the employees really have the required
competences
The risk management process consists of the following steps: - ANSWER 1.
Conduct risk assessment
2. Create statement of applicability
3. Define risk assessment methodology
4. Select risk treatment options
5. Create the risk treatment plan
According ISO 27001, the risk assessment must include the following elements:
- ANSWER 1. Risk evaluation
2. Risk identification
3. Risk analysis
Risk analysis includes assessment of the impact the risk can have on the
company and assessment of the likelihood that the identified risk can really
happen. The assessment scale for the impact and the likelihood must vary
between the values 1 and 10. - ANSWER False
After formulating a risk treatment plan, the Statement of Applicability must be
documented. - ANSWER False
The Statement of Applicability must include the following information: -
ANSWER 1. List of all the controls from Annex A and any additional controls
that might be identified in the risk treatment process
2. Information regarding whether the listed controls are implemented in the
organization
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller luzlinkuz. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
82215 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now