Module 1 - The Basics

Question 1

Name nine drivers for implementing ISO 27001

Answer 1

Client confidence

Avoid breaches and fines

Improve company culture

Secure information in all its forms

Manage information securely consistently

Protect the CIA of your data

Increase attack resilience

Respond to evolving threats

Reduce costs associated with info sec

Question 2

What year was the current ISO 27001 and 27002 standards updated?

Answer 2

2022

Question 3

What year was the previous ISO 27001 standard updated?

Answer 3

2013

Question 4

How many themes and controls are in ISO 27001:2022?

Answer 4

4 themes and 93 controls

Question 5

How many new controls were added in ISO 27001:2022?

Answer 5

11 new controls

Question 6

How long was the transition period between ISO 27001:2013 and ISO 27001:2022?

Answer 6

3 years

Question 7

What is a standard?

Answer 7

Specification that something can conform to, approved by a recognised body

Question 8

What does a standard achieve?

Answer 8

Standards provide a reliable basis to review expectations about a product or service

Question 9

Name the 6 Stages an ISO Standard goes through in order?

Mnem: Nutty …

Answer 9

1. New standard / Revision
2. WD – Working Draft
3. CD – Committee Draft
4. DIS – Enquiry Draft International Stage
5. FDIS – Final Draft International Standard
6. IS – International Standard adopted

Nutty Witches Chose Dry Figs Impressively

Question 10

What are the 5 types of stages an ISO standard goes through?

Mnem: Px-xxx

Answer 10

1. Prepatory Stage
2. Committee Stage
3. Enquiry Stage
4. Approval Stage
5. Publication Stage

PC-EAP

Question 11

What does ISO stand for?

Answer 11

International Organisation of Standardisation

Question 12

What does IEC stand for?

Answer 12

International Electrotechnical Commission

Question 13

How does ISO decide what gets published?

Answer 13

Committee vote

Question 14

Through what means do ISO and IEC collaborate?

Answer 14

JTC – Joint Technical Committee

Question 15

What does JTC stand for?

Answer 15

Joint Technical Committee, this is the means for collaboration between ISO and IEC

Question 16

What is the purpose of ISO?

Answer 16

To write International Standards

Question 17

What do ISO use as input for early standard drafts?

Answer 17

ISO take National Standards as input for first drafts of International Standards

Question 18

How long does it typically take for an ISO Standard to progress from WD to CD?

Answer 18

Usually around 3 years

Question 19

What are the 10 Sections of the ISO 27001 Standard?

Sxx-xxx-xxxx

Answer 19

1. Scope
2. Normal References
3. Terms and Definitions
4. Context of the Organisation
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement

SNT-CLP-SOPI
Sent-Clip-Soppy

Question 20

What are the 9 ISMS Principles detailed for ISO 27000:2018 series?

Axx-xxxx-xx

Answer 20

1. Awareness
2. assignment of Responsibility
3. incorporating management/stakeholder Commitment
4. enhancing Societal values
5. controls Proportional to risks
6. security as an Essential element of networks and systems
7. active prevention and Detection of incidents
8. Comprehensive approach to information security management
9. continual reassessment and Improvement

ARC-SPED-CI
Arc-Sped-Sea