ISO 27001 practice text

Within ISO/IEC 27001, what clause relates to corrective actions?

10.1

Within ISO/IEC 27001, which clause relates to leadership?

5

How does the ISO/IEC 27000 define an information system

A set of applications, services, information technology assets or other information handling components

How does ISO/IEC 27000 define an asset?

Anything that is of value to the organization

When should organizations perform an information risk assessment?

At planned intervals or when significant changes are proposed to occur

Information security objectives shall be

Consistent within the organization security policy measurable communicated

What are some examples of threats to many organizations

Fraud Loss of information Unauthorized access

which ISO document provides guidelines for information security risk management in an organization

ISO/IEC 27005

What are ISO 27001 control sets, as outlined in Annex?

Information security policies Assess management Access control

What does PDCA stand for?

Plan, Do, Check, Act

What is the purpose of ISO/IEC 27000?

Provides terms and definitions commonly used in ISO 27001

Clause 5.2 states ____ shall establish an information security policy

Top management

In line with clause 9.3, who shall review the organizations information security management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness?

Top management

Within ISO standards, what "shall" indicate?

a requirement

Person doing work under the organizations control shall be aware of

the information security policy their contribution of the effectiveness of the information security systems, including the benefits of improved information security performance the implications of not conforming with the information security management systems requirements