ISO 27001 - What & Why Flashcards
What is a common misconception about ISO 27001?
Many believe ISO 27001 provides detailed instructions on specific security measures, such as backup frequency or technology configurations. In reality, it defines a framework for managing risks but leaves implementation details to organizations.
ISO 27001 does not provide specific technical instructions but rather a _____ for managing risks.
framework
How does ISO 27001 approach information security implementation?
ISO 27001 requires organizations to identify applicable requirements and select appropriate controls based on risk assessment results, rather than prescribing specific controls.
Organizations must select _____ based on risk assessment results, rather than following a fixed list of controls.
appropriate security controls
What is the role of risk assessment in ISO 27001?
Risk assessment helps determine necessary security controls by identifying potential threats and vulnerabilities that could impact the organization’s information security.
A _____ is crucial in determining necessary security controls by identifying threats and vulnerabilities.
risk assessment
Does ISO 27001 mandate specific information security controls?
No, ISO 27001 does not mandate specific controls; organizations must choose controls based on their unique risks and requirements.
ISO 27001 _____, but allows organizations to tailor them based on their risk profile.
does not mandate specific controls
What is the purpose of an Information Security Management System (ISMS) in ISO 27001?
An ISMS provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.
An ISMS ensures _____ of information.
confidentiality, integrity, and availability
How does ISO 27001 ensure continuous improvement in information security?
ISO 27001 promotes continuous improvement through regular monitoring, reviews, and updates to the ISMS based on evolving risks and business needs.
_____ in ISO 27001 is achieved through monitoring, reviews, and updates to the ISMS.
Continuous improvement
What is the significance of the Plan-Do-Check-Act (PDCA) cycle in ISO 27001?
The PDCA cycle ensures that the ISMS is effectively implemented, maintained, and continually improved.
The _____ helps organizations implement and improve their ISMS.
Plan-Do-Check-Act (PDCA) cycle
How does ISO 27001 address legal and regulatory requirements?
Organizations must identify and assess applicable legal, regulatory, and contractual requirements to ensure compliance within their ISMS.
ISO 27001 requires organizations to identify and comply with _____ related to information security.
legal, regulatory, and contractual requirements
Why is top management support crucial in ISO 27001 implementation?
Top management support ensures adequate resources, promotes a culture of security, and aligns information security objectives with business goals.
_____ is crucial for providing resources and aligning security with business objectives.
Top management support
How does ISO 27001 handle documentation requirements?
ISO 27001 requires organizations to maintain documented information to support the operation of the ISMS and provide evidence of compliance.
Documentation in ISO 27001 is required to _____.
support ISMS operations and provide compliance evidence
