FREE ISO 27000 Foundation Certification Information Security Questions and Answers
Which clause of ISO/IEC 27001 deals with operational planning and control?
Within ISO/IEC 27001, Clause 8.1 relates to operational planning and control. This clause is titled "Operational Planning and Control" and is part of the "Operation" section of the standard.
Clause 8.1 specifies the requirements for establishing, implementing, and maintaining processes to identify and control the organization's operational activities related to information security. It addresses the need to plan and implement controls to manage risks and protect information assets during the operation of the ISMS.
Which clause of ISO/IEC 27001 deals with remedial action?
Within ISO/IEC 27001, Clause 10.1 relates to corrective action. This clause is titled "Nonconformity and Corrective Action" and is part of the "Performance Evaluation" section of the standard.
Clause 10.1 specifies the requirements for addressing nonconformities and implementing corrective actions within the Information Security Management System (ISMS). It focuses on identifying, documenting, and taking appropriate actions to address nonconformities, as well as preventing their recurrence.
How is a "asset" defined in ISO/IEC 27000?
"Asset: Anything that has value to the organization, including tangible and intangible assets."
This definition encompasses a broad range of items that are considered valuable to an organization, including physical assets (such as equipment, facilities, and infrastructure), information assets (such as data, documents, and intellectual property), software assets, personnel, and more.
The key concept is that an asset is anything that holds value to the organization and is therefore worth protecting and managing appropriately to ensure the confidentiality, integrity, and availability of that asset.
What exactly does PDCA mean?
PDCA stands for "Plan, Do, Check, Act." It is a four-step iterative management method used for continuous improvement. The PDCA cycle, also known as the Deming Cycle or Shewhart Cycle, is widely applied in various management systems, including quality management and information security management.
Which of the following now poses a threat to several organizations?
Which of the following, as described in Annex A, are ISO 27001 control sets?
All of the above
The purpose of ISO/IEC 27000 is to provide an overview and vocabulary for information security management systems (ISMS) based on the ISO/IEC 27001 standard. It serves as a foundational document that provides essential information and guidance for organizations seeking to implement and maintain an ISMS.