Exam ISO-IEC-27035-Lead-Incident-Manager Topic 3 Question 65 Discussion
Actual exam question for PECB's ISO-IEC-27035-Lead-Incident-Manager exam
Question #: 65
Topic #: 3
Question #: 65
Topic #: 3
Scenario 3: L&K Associates is a graphic design firm headquartered in Johannesburg, South Africa. It specializes in providing innovative and creative design solutions to clients across various industries. With offices in multiple parts of the country, they effectively serve clients, delivering design solutions that meet their unique needs and preferences.
In its commitment to maintaining information security, L&K Associates is implementing an information security incident management process guided by ISO/IEC 27035-1 and ISO/IEC 27035-2. Leona, the designated leader overseeing the implementation of the incident management process, customized the scope of incident management to align with the organization's unique requirements. This involved specifying the IT systems, services, and personnel involved in the incident management process while excluding potential incident sources beyond those directly related to IT systems and services.
Based on scenario 3, did Leona follow all the ISO/IEC 27035-1 guidelines when communicating the information security incident management policy to interested parties?
In its commitment to maintaining information security, L&K Associates is implementing an information security incident management process guided by ISO/IEC 27035-1 and ISO/IEC 27035-2. Leona, the designated leader overseeing the implementation of the incident management process, customized the scope of incident management to align with the organization's unique requirements. This involved specifying the IT systems, services, and personnel involved in the incident management process while excluding potential incident sources beyond those directly related to IT systems and services.
Based on scenario 3, did Leona follow all the ISO/IEC 27035-1 guidelines when communicating the information security incident management policy to interested parties?
Suggested Answer: B Vote an answer
Comprehensive and Detailed Explanation:
According to ISO/IEC 27035-1:2016, effective communication of the incident management policy must include not only policy content, roles, and responsibilities but also specific procedural aspects-such as how to report an incident and who to contact. This ensures that all stakeholders clearly understand their responsibilities in the event of an incident and know how to respond.
In the scenario, Leona communicated the outcomes of incidents, mitigation strategies, personnel obligations, and policy content. However, she did not include the incident reporting procedures or contact points, which are essential components of incident communication as per ISO guidelines.
Reference:
ISO/IEC 27035-1:2016, Clause 6.1: "Communication of the incident management policy should include reporting channels, escalation contacts, and policy revision frequency." Therefore, the correct answer is B.
-
According to ISO/IEC 27035-1:2016, effective communication of the incident management policy must include not only policy content, roles, and responsibilities but also specific procedural aspects-such as how to report an incident and who to contact. This ensures that all stakeholders clearly understand their responsibilities in the event of an incident and know how to respond.
In the scenario, Leona communicated the outcomes of incidents, mitigation strategies, personnel obligations, and policy content. However, she did not include the incident reporting procedures or contact points, which are essential components of incident communication as per ISO guidelines.
Reference:
ISO/IEC 27035-1:2016, Clause 6.1: "Communication of the incident management policy should include reporting channels, escalation contacts, and policy revision frequency." Therefore, the correct answer is B.
-
by Hilda at Apr 06, 2026, 01:18 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).