Exam ISO-IEC-27001-Lead-Implementer Topic 3 Question 70 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 70
Topic #: 3
Scenario 1: HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients' data and medical history, and communicate with all the involved parties, including parents, other physicians, and the medical laboratory staff.
Last month, HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software. Another issue the company faced while using the software was the complicated user interface, which the untrained personnel found challenging to use.
The top management of HealthGenic immediately informed the company that had developed the software about the issue. The software company fixed the issue; however, in the process of doing so, it modified some files that contained sensitive information related to HealthGenic's patients. The modifications that were made resulted in incomplete and incorrect medical reports and, more importantly, invaded the patients' privacy.
Intrinsic vulnerabilities, such as the______________ are related to the characteristics of the asset. Refer to scenario 1.

Suggested Answer: C

Intrinsic vulnerabilities are related to the characteristics of the asset that make it susceptible to threats, regardless of the presence or absence of controls. In scenario 1, the complicated user interface of the web-based medical software is an intrinsic vulnerability, as it is a feature of the software that makes it difficult to use and increases the likelihood of human errors. The software malfunction and the service interruptions are not intrinsic vulnerabilities, but rather incidents that occurred due to external factors, such as the increased number of users or the software company's actions.
References: ISO/IEC 27001:2022 Lead Implementer Course Content, Module 6: Risk Assessment and Treatment; ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection, Clause 6.1.2: Information security risk assessment.

by Jim at May 15, 2026, 10:13 AM
