Which of the following is/are true regarding ISO 27002?
1. It contains the requirements for implementation of the controls in Annex A of ISO 27001.
2. It is the code of practice for information security controls and provides best practice advice for the implementation of the controls listed in Annex A of ISO 27001.
3. It is the document against which an organization's implementation of controls is audited.
A. 2 only
B. 1 and 3
C. 1, 2, and 3
D. 1 only - ANSWER A. 2 only
2 The risk assessment methodology should be designed to:
A. Work on a spreadsheet
B. Deliver consistent, valid and comparable results
C. Accommodate both quantitative and qualitative methodologies
D. Minimise the amount of time and effort required - ANSWER B. Deliver consistent, valid and comparable results
When conducting an internal audit, who determines whether an ISMS conforms to an organisation's requirements?
A. Interested parties
B. Auditors
C. The board of directors - ANSWER A. Auditors
4 How does ISO27000:2012 define information security?
A. Maintaining the 'top secret' nature of highly confidential information
B. Preservation of confidentiality, integrity and availability of information
C. Documented statement describing the control objectives and controls that are relevant and applicable to an organisation's ISMS
D. Option for companies to ensure that confidential information is safe - ANSWER A. Preservation of confidentiality, integrity and availability of information
5 What could be either an enabler or a hindrance to the success of an ISMS? - ANSWER Culture of the organization
6 What determines where the risk sits on the risk assessment matrix? - ANSWER A. The combination of the likelihood and consequence if the risk materialized
What is essential to ensure an ISMS serves the organization?
A. Carry out a risk assessment before doing anything
B. Protecting the confidentiality and integrity of information by restricting access to it
C. Reflecting the business, legal and regulatory drivers for information security
D. Ensuring the cost of implementing controls does not exceed the cost of risk - ANSWER Reflecting the business, legal and regulatory drivers for information security
A risk decision could result in:
1. Acceptance
2. Rejection
3. Insurance
4. Application of one or more controls
A. 2 and 3 only
B. 1, 2, 3 and 4
C. 1 and 2
D. 1 and 3 - ANSWER A. 2 and 3 only