Exam ISO-IEC-27001-Lead-Implementer Topic 1 Question 149 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 149
Topic #: 1
How is an "information need" typically defined in the context of ISMS monitoring?

Suggested Answer: C

In the context of ISMS monitoring, an "information need" is typically defined as a high-level security question or statement that management wants answered to support decision-making. It frames what information is required and why, rather than specifying how it will be technically measured.
ISO/IEC 27001:2022 Clause 9.1 - Monitoring, measurement, analysis and evaluation requires organizations to determine:
* what needs to be monitored and measured,
* methods for monitoring and measurement,
* when monitoring and measurement shall be performed,
* and when results shall be analyzed and evaluated.
An information need precedes metrics and indicators. Examples include:
* "Are access controls preventing unauthorized access?"
* "Is incident response timely and effective?"
These are high-level questions, not technical specifications (Option A) and not predefined control lists (Option B). Metrics, dashboards, and KPIs are derived after the information need is defined.
This approach ensures that monitoring remains business-relevant and risk-focused, aligning measurement with objectives and management review requirements.

by Arlen at May 18, 2026, 10:19 PM
