Module 5 - Overview of ISO 27001 Flashcards
What is a management system?
A management system uses a framework of resources to achieve an org's objectives
In which ISO Standard and section is an ISMS defined?
ISO 27000:2018, section 3.2.5
Name 4 positive outcomes of implementing an ISMS?
Meet the org's info sec objectives
Satisfy customer/stakeholder requirements
Comply with regulations
Manage their risks in an organised manner
In which ISO Standard and section is Implementing Security Controls outlined?
ISO 27000:2018, Section 4.5.5
What consideration should be made when choosing Security Controls?
- Regulations / Legislation
- Org objectives
- Operational requirements and constraints
- Cost proportional to risk
- How to monitor
Which section of ISO 27001 contains the Information Security Controls Reference?
Annex A
How many controls and themes are listed in Annex A?
93 controls in 4 themes
What are the 4 themes for Security Controls in Annex A?
- Organisation - 37
- People - 8
- Physical - 14
- Technological - 34
Offensive Poets Pinched Turnips
What is ISO 27000:2018?
ISMS overview and defines vocabulary
What is ISO 27001:2022?
Specification for an ISMS
What is ISO 27002:2022?
Catalogue of Security Controls described in detail
What is ISO 27003?
Covers implementation of an ISMS
What is ISO 27004?
Covers monitoring, analysis and evaluation of an ISMS
Which Standards of the ISO 27000 family can you be certified against?
ISO 27001 is the only Standard you can be certified against
What information does an ISO 27002 Control Description contain?
- Control Title - name
- Attribute table - value of attributes for a control
- Control - what the control is
- Purpose - when it should be used
- Guidance - how it should be implemented
- Other Info - other texts or refs
TAC-PG-O