ISO 27001 practice text
Within ISO/IEC 27001, what clause relates to corrective actions?
10.1
Within ISO/IEC 27001, which clause relates to leadership?
5
How does ISO/IEC 27000 define an information system?
A set of applications, services, information technology assets or other information handling components
How does ISO/IEC 27000 define an asset?
Anything that is of value to the organization
When should organizations perform an information risk assessment?
At planned intervals or when significant changes are proposed to occur
Information security objectives shall be:
Consistent with the organization's security policy; measurable; communicated
What are some examples of threats to many organizations?
Fraud; loss of information; unauthorized access
Which ISO document provides guidelines for information security risk management in an organization?
ISO/IEC 27005
What are some ISO 27001 control sets, as outlined in Annex A?
Information security policies; asset management; access control
What does PDCA stand for?
Plan, Do, Check, Act
What is the purpose of ISO/IEC 27000?
Provides terms and definitions commonly used in ISO 27001
Clause 5.2 states ____ shall establish an information security policy
Top management
In line with clause 9.3, who shall review the organization's information security management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness?
Top management
Within ISO standards, what does "shall" indicate?
A requirement
Persons doing work under the organization's control shall be aware of:
The information security policy; their contribution to the effectiveness of the information security management system, including the benefits of improved information security performance; the implications of not conforming with the information security management system requirements