ISO27001 and ISO27002: Chapter 4

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

If a company does not practice due care and due diligence what might be the consequences?

Legal ramifications if negligence is proven, fines, reputation, loss of revenue and customers, etc.

An effective information architecture enables people to step logically through a system confident they are going to get closer to the information they require.

Most people only notice information architecture when it inhibits them and stops them from being able to find the information they require.

What is due care?

Pertains to acting responsibly and acting with "care" and "doing the right thing." This also pertains to creating the necessary policies, procedures and standards. Implementing countermeasures to provide protection from those threats.

What does the PDCA model stand for?

Plan - Do - Check - Act, aka Deming's quality circle

What is due diligence?

Due diligence is the act of gathering the necessary information so the best decision-making activities can take place. Is knowing what threats exist.

what is the difference between data and information?

Data can be processed by information technology and once data has meaning and becomes knowledge it is then information.

In what phase of the PDCA would you carry out necessary corrections as a result of the audit?

In the Act (maintain) phase

In what phase of the PDCA would you conduct a self-assessment (audit) to determine if the policies have been implemented correctly?

In the Check (monitor) phase

In what phase of the PDCA would you implement the underlying procedures and measures?

In the Do (implement)phase

In what phase of the PDCA would security objectives and relevant processes and procedures be defined?

In the design (planning) phase

Ensembles d'études connexes