Exam ISO-IEC-27001-Lead-Implementer Topic 6 Question 47 Discussion
Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 47
Topic #: 6
Question #: 47
Topic #: 6
What should an organization allocate to ensure the maintenance and improvement of the information security management system?
Suggested Answer: B Vote an answer
Explanation
According to ISO/IEC 27001:2022, clause 10.2.2, the organization shall define and apply an information security incident management process that includes the following activities:
reporting information security events and weaknesses;
assessing information security events and classifying them as information security incidents; responding to information security incidents according to their classification; learning from information security incidents, including identifying causes, taking corrective actions and preventive actions, and communicating the results and actions taken; collecting evidence, where applicable.
The standard does not specify who should perform these activities, as long as they are done in a consistent and effective manner. Therefore, the organization may choose to conduct forensic investigation internally or by using external consultants, depending on its needs, resources, and capabilities. However, the organization should ensure that the external consultants are competent, trustworthy, and comply with the organization's policies and procedures.
References: ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection - Information security management systems - Requirements, clause 10.2.2; PECB ISO/IEC 27001 Lead Implementer Course, Module 10: Incident Management.
According to ISO/IEC 27001:2022, clause 10.2.2, the organization shall define and apply an information security incident management process that includes the following activities:
reporting information security events and weaknesses;
assessing information security events and classifying them as information security incidents; responding to information security incidents according to their classification; learning from information security incidents, including identifying causes, taking corrective actions and preventive actions, and communicating the results and actions taken; collecting evidence, where applicable.
The standard does not specify who should perform these activities, as long as they are done in a consistent and effective manner. Therefore, the organization may choose to conduct forensic investigation internally or by using external consultants, depending on its needs, resources, and capabilities. However, the organization should ensure that the external consultants are competent, trustworthy, and comply with the organization's policies and procedures.
References: ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection - Information security management systems - Requirements, clause 10.2.2; PECB ISO/IEC 27001 Lead Implementer Course, Module 10: Incident Management.
by Clark at Feb 17, 2025, 04:47 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).