Exam ISO-IEC-27035-Lead-Incident-Manager Topic 5 Question 22 Discussion
Actual exam question for PECB's ISO-IEC-27035-Lead-Incident-Manager exam
Question #: 22
Topic #: 5
Who is responsible for approving an organization's information security incident management policy?
Suggested Answer: A
Comprehensive and Detailed Explanation:
According to ISO/IEC 27001:2022 and ISO/IEC 27035-2:2016, top management holds accountability for ensuring the alignment of security policies with organizational objectives. Policy approval, particularly for something as critical as incident management, must be authorized by top-level decision-makers to ensure authority, enforcement, and resource support.
Reference:
ISO/IEC 27001:2022, Clause 5.1: "Top management shall demonstrate leadership and commitment... including approval of the information security policy."
ISO/IEC 27035-2:2016, Clause 4.3: "The policy should be approved and issued by top management."
Correct answer: A
by Rod at May 21, 2026, 01:16 PM