All Modules Flashcards

1
Q

Owns information security and approves the policy?

A

Management

2
Q

Are responsible for their own processes, risks and countermeasures

A

Departments

3
Q

Has a role with respect to the organisation’s information security stance

A

Everyone

4
Q

Coordinates tasks to deliver the project

A

Project Team

5
Q

Identify and evaluate risks

A

Risk assessors

6
Q

Coordinate controls to mitigate risks and accept residual risk.

A

Risk owners

7
Q

Set of interrelated or interacting activities that use inputs to deliver an intended result

A

Process

8
Q

Specified way to carry out an activity or a process

A

Procedure (can be documented or not)

9
Q

Document stating results achieved or providing evidence of activities performed

A

Record

10
Q

Documented information that ISO 27001 explicitly requires (with clause references)

A
  • Scope (4.3)
  • Information security policy (5.2 e)
  • Information security risk assessment process (6.1.2)
  • Statement of Applicability (6.1.3 d)
  • Information security objectives (6.2)
  • Evidence of competence (7.2)
  • Results of information security risk assessments (8.2)
  • Results of information security risk treatment (8.3)
  • Evidence of the information security performance monitoring and measurement results (9.1)
  • Internal audit programme(s) and the audit results (9.2.2)
11
Q

Action taken to eliminate the cause of a nonconformity.

A

Corrective action

12
Q

Immediate action to eliminate a detected nonconformity

A

Correction

13
Q

The size and complexity of an ISMS should be tailored to the organisation.
True or False

A

True

14
Q

Management system documentation should include the company names of the service providers.
True or False

A

False

15
Q

Documents go through five stages as part of their lifecycle.
True or False

A

True

Written
Reviewed and reworked
Approved
Distributed
Archived

16
Q

Processes can be split into as many different documents as needed.
True or False

A

True

17
Q

Documents should require more than one person to authorise amendments.
True or False

A

False

18
Q

You should wait to publish management system documents until just before an audit.
True or False

A

False
Publish as soon as the document is signed off

19
Q

Every process and procedure should include who does what, where and when.
True or False

A

True

20
Q

What are the parts of the RACI matrix?

A

Responsible
Accountable
Consulted
Informed

The RACI matrix applies to all processes

21
Q

Policies and objectives should be consistent with organisational objectives.
True or False

A

True

22
Q

The management system should be integrated into business processes.
True or False

A

True

23
Q

Policies should never be shared with people outside the organisation.
True or False

A

False

24
Q

The scope doesn’t need to include remote workers.
True or False

A

False

25
Q

CEO support is crucial to having an effective ISMS.
True or False

A

True

26
Q

The information security policy must include information security objectives.
True or False

A

True

27
Q

Which of these should be determined in the scope? (Select all that apply.)
A - Suppliers
B - Outsourced functions or processes
C - External and internal issues for the organisation and its context
D - Requirements of interested parties

A

B C D

28
Q

SMART (criteria that information security objectives should meet)

A

Specific
Measurable
Achievable
Relevant
Time-bound

29
Q

The four options for a risk decision (the "4 Ts") are?

A

Terminate
Tolerate
Treat
Transfer

30
Q

ISMS principles (9)

A

1 Awareness
2 Assignment of responsibility
3 Incorporating management commitment and the interests of stakeholders
4 Enhancing societal values
5 Controls proportional to risks
6 Security as an essential element of networks and systems
7 Active prevention and detection of incidents
8 Comprehensive approach to information security management
9 Continual reassessment and improvement

31
Q

Standard

A

A specification to which something can conform