ISO 27000 Foundation ISMS Fundamentals and Vocabulary Questions and Answers

Question 1

According to ISO/IEC 27000, which of the following BEST defines 'information security'?

Accepted Answer

The preservation of confidentiality, integrity, and availability of information; in addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.

Answer

The protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments.

Answer

A systematic approach to establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization's information security to achieve business objectives.

Answer

The process of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of information.

Question 2

A financial services company is implementing an Information Security Management System (ISMS). They are currently identifying anything that has value to the organization, including customer data, proprietary software, and servers. In the context of ISO/IEC 27000, what is the correct term for these items?

Accepted Answer

Assets

Answer

Controls

Answer

Risks

Answer

Vulnerabilities

Question 3

Which standard in the ISO 27000 family provides the overview, fundamental principles, and vocabulary for an ISMS?

Accepted Answer

ISO/IEC 27000

Answer

ISO/IEC 27001

Answer

ISO/IEC 27002

Answer

ISO/IEC 27005

Question 4

What is the primary purpose of an Information Security Management System (ISMS) as described in the ISO 27000 series?

Accepted Answer

To provide a systematic approach for establishing, implementing, maintaining, and continually improving information security.

Answer

To guarantee the complete elimination of all information security incidents.

Answer

To exclusively implement technical controls to prevent cyberattacks.

Answer

To satisfy legal and regulatory requirements as the sole objective.

Question 5

A weakness in a system's security procedures, design, implementation, or internal controls that could be exploited by a threat source is known as a:

Accepted Answer

Vulnerability

Answer

Risk

Answer

Consequence

Answer

Threat

Question 6

Which of the following is NOT considered one of the three core properties of information security defined in the CIA triad within ISO/IEC 27000?

Accepted Answer

Accountability

Answer

Confidentiality

Answer

Integrity

Answer

Availability