2 - ISMS and the ISO 27001 Standards Family

Question 1

Critical factors to ans ISMS

Answer 1

CIA

Question 2

Key components for IS policy

Answer 2

Process / procedure
Technology
User behaviour

Question 3

Project Plan - Documentation - 11 sections

Answer 3

• Business continuity planning
• System acquisition, development and maintenance
• IS incident management
• Communication and operations management
• Physical and environmental security
• Personal security
• System access control
• Security policies
• Security organisation
• Compliance
• Asset classification and control

Question 4

Project Plan - Decision making

Answer 4

• Existing IT maturity levels
• Customer requirements
• Existing training programs
• Business objectives and priorities
• Adherence to internal processes
• Internal audit capability
• Existing compliance efforts and legal requirements
• The entreprise’s ability to adapt to change
• User acceptability and awarness
• Contractual obligations

Question 5

PDCA meaning

Answer 5

Plan - do - check - act

Question 6

PDCA steps

Answer 6

ISMS policy
scope of the ISMS
Perform a security risk assessment
Manage the identified risk
Select controls to be implemented and applied
Prepare an SOA (statement of applicability)

Question 7

SOA meaning

Answer 7

statement of applicability

Question 8

The eleven phases of Implementation

Answer 8

Identify Business Objectives
Obtain Management Support
Select the proper scope of implementation
Define a method of risk assessment
Prepare an inventory of information assets to protect, and rank them according to risk based on risk assessment
Manage the risks, and create a risk treatment plan
Set up policies and procedures to control risks
Allocate resources, and train the staff
Monitor the implementation of the ISMS
Prepare for the certification audit
COnduct periodic reassessment audits

Question 9

The governing principle behind an ISMS is …

Answer 9

an organisation should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets

Question 10

Process Approach - Phase 1

Answer 10

Scope, design and build

Question 11

Process Approach - Phase 2

Answer 11

First cycle of implementation, operation, monitoring and improvement

Question 12

Process Approach - Phase 3 (BAU)

Answer 12

Operate, monitor and improve

Question 13

Define what is a BAU

Answer 13

When the integration of the ISMS processes and controls are complete, the ISMS becomes a BAU (Business as Usual) system

Question 14

Define what is a BAU

Answer 14

When the integration of the ISMS processes and controls are complete, the ISMS becomes a BAU (Business as Usual) system

Question 15

PDCA - plan

Answer 15

policy, ISMS process, procedures and objectives for risk management and improvement of IS

Question 16

PDCA - do

Answer 16

implement and exploit ISMS policy, controls, processes and procedures

Question 17

PDCA - check

Answer 17

assess the performances, policies and practical experience and report the result for management review

Question 18

PDCA - act

Answer 18

Update and improve the system