27001:2013 controls Flashcards

1
Q

A.[5-9]

A
A.5 Information security policies
A.6 Organization of information security
A.7 Human resource security
A.8 Asset management
A.9 Access control
2
Q

A.[10-14]

A
A.10 Cryptography
A.11 Physical and environmental security
A.12 Operations security
A.13 Communications security
A.14 System acquisition, development and maintenance
3
Q

A.[15-18]

A

A.15 Supplier relationships
A.16 Information security incident management
A.17 Information security aspects of business continuity management
A.18 Compliance
4
Q

A.5

A
ISP Information security policies
A.5.1 Management direction for information security
To provide 
management direction and support 
for information security 
in accordance with
business requirements 
and relevant laws 
and regulations.
5
Q

A.6

A
OIS Organization of information security
A.6.1 Internal organization
To establish a 
management framework 
to initiate and control 
the implementation and operation of 
information security 
within the organization.
A.6.2 Mobile devices and teleworking
To ensure 
the security of 
teleworking and use of mobile devices.
6
Q

A.7

A
HRS Human resource security
A.7.1 Prior to employment
To ensure that 
employees and contractors 
understand their responsibilities 
and are suitable for 
the roles for which they are considered.
A.7.2 During employment
To ensure that 
employees and contractors are 
aware of and fulfil their 
information security
responsibilities.
A.7.3 Termination and change of employment
To protect the 
organization’s interests 
as part of the process of 
changing or terminating employment.
7
Q

A.8

A
AM Asset management
A.8.1 Responsibility for assets
To identify organizational assets 
and define appropriate protection responsibilities.
A.8.2 Information classification
To ensure that 
information receives 
an appropriate level of protection 
in accordance with 
its importance to the organization.
A.8.3 Media handling
To prevent 
unauthorized 
   disclosure, 
   modification, 
   removal or 
   destruction 
of information
stored on media.
8
Q

A.9

A
AC Access control
A.9.1 Business requirements of access control
To limit access to 
information and 
information processing facilities.
A.9.2 User access management
To ensure 
authorized user access and 
to prevent unauthorized access to 
systems and services.
A.9.3 User responsibilities
To make 
users accountable for 
safeguarding their authentication information.
A.9.4 System and application access control
To prevent unauthorized access 
to systems and applications.
9
Q

A.10

A
C Cryptography
A.10.1 Cryptographic controls
To ensure 
proper and effective 
use of cryptography to 
protect the 
    confidentiality, 
    authenticity and/or 
    integrity of 
information.
10
Q

A.11

A
PES Physical and environmental security
A.11.1 Secure areas
To prevent 
unauthorized physical 
   access, 
   damage and 
   interference to the 
organization’s information and 
information processing facilities.
A.11.2 Equipment
To prevent 
   loss, 
   damage, 
   theft or 
   compromise of 
assets and 
interruption to the organization’s operations.
11
Q

A.12

A
OS Operations security
A.12.1 Operational procedures and responsibilities
To ensure
correct and secure operations of 
information processing facilities.
A.12.2 Protection from malware
To ensure that 
information and information processing facilities are 
protected against malware.
A.12.3 Backup
To protect 
against loss of data.
A.12.4 Logging and monitoring
To record events and 
generate evidence.
A.12.5 Control of operational software
To ensure the 
integrity of operational systems.
A.12.6 Technical vulnerability management
To prevent 
exploitation of technical vulnerabilities.
A.12.7 Information systems audit considerations
To minimise the 
impact of audit activities on 
operational systems.
12
Q

A.13

A

CS Communications security
A.13.1 Network security management
To ensure the
protection of information in networks and
its supporting information processing facilities.
A.13.2 Information transfer
To maintain the
security of information transferred
within an organization and with any external entity.
13
Q

A.14

A
SADM System acquisition, development and maintenance
A.14.1 Security requirements of information systems
To ensure that 
information security is 
an integral part of information systems
across the entire lifecycle.
This also includes the requirements for 
information systems 
which provide services
over public networks.
A.14.2 Security in development and support processes
To ensure that 
information security is 
designed and implemented 
within the development lifecycle of information systems.
A.14.3 Test data
To ensure the 
protection of data used for testing.
14
Q

A.15

A

SR Supplier relationships
A.15.1 Information security in supplier relationships
To ensure
protection of the organization’s assets that
is accessible by suppliers.
A.15.2 Supplier service delivery management
To maintain an
agreed level of
information security and service delivery
in line with supplier agreements.
15
Q

A.16

A

ISIM Information security incident management
A.16.1 Management of information security incidents and improvements
To ensure a
consistent and effective approach to the
management of information security incidents,
including communication on
security events and weaknesses.
16
Q

A.17

A
ISaBCM Information security aspects of business continuity management
A.17.1 Information security continuity
Information security continuity 
shall be embedded in 
the organization’s business continuity management systems.
A.17.2 Redundancies
To ensure 
availability of 
information processing facilities.
17
Q

A.18

A
Cmp Compliance
A.18.1 Compliance with legal and contractual requirements
To avoid 
breaches of 
   legal, 
   statutory, 
   regulatory or 
   contractual obligations 
related to 
information security and of 
any security requirements.
A.18.2 Information security reviews
To ensure that 
information security is 
implemented and operated in 
accordance with the
organizational policies and 
procedures.