ISO27001 – LEAD IMPLEMENTER EXAM
QUESTIONS AND ANSWERS
systematic checklist of what the top management must do - ANSWER 1) set
their business expectations (objectives) for information security
2)publish a policy on how to control whether those expectations are met
3) designate main responsibilities for information security
4) provide enough money and human resources
5) regularly review whether all the expectations were met
Four key benefits of ISO 27001 implementation - ANSWER 1. Compliance
quickest "return on investment" - if an organization must comply to various
regulations regarding data protection, privacy and IT governance (particularly if
it is a financial, health or government organization), then ISO 27001 can bring
in the methodology which enables to do it most efficiently.
2. Marketing edge
ISO 27001 could be indeed a unique selling point, especially if you handle
clients' sensitive information.
3. Lowering the expenses
financial gain if you lower your expenses caused by incidents. You probably do
have interruptions in service, or occasional data leakage, or disgruntled
employees. Or disgruntled former employees.
4. Putting your business in order
ISO 27001 is particularly good in sorting these things out - it will force you to
define very precisely both the responsibilities and duties, and therefore
strengthen your internal organization.
Mandatory DOCUMENTS and records required by ISO 27001 - ANSWER
(clause 4.3) Scope of the ISMS
(clause 5.2, 6.2) Information security policy and objectives
(clause 6.1.2) Risk assessment and risk treatment methodology
(clause 6.1.3.d) Statement of Applicability
(clause 6.1.3e , 6.2) Risk treatment plan
(clause 8.2) Risk assessment report
(control A.7.1.2, A.13.2.4) Definition of security roles and responsibilities
(control A8.1.1) Inventory of assets
(control A8.1.3) Acceptable use of assets
QUESTIONS AND ANSWERS
systematic checklist of what the top management must do - ANSWER 1) set
their business expectations (objectives) for information security
2)publish a policy on how to control whether those expectations are met
3) designate main responsibilities for information security
4) provide enough money and human resources
5) regularly review whether all the expectations were met
Four key benefits of ISO 27001 implementation - ANSWER 1. Compliance
quickest "return on investment" - if an organization must comply to various
regulations regarding data protection, privacy and IT governance (particularly if
it is a financial, health or government organization), then ISO 27001 can bring
in the methodology which enables to do it most efficiently.
2. Marketing edge
ISO 27001 could be indeed a unique selling point, especially if you handle
clients' sensitive information.
3. Lowering the expenses
financial gain if you lower your expenses caused by incidents. You probably do
have interruptions in service, or occasional data leakage, or disgruntled
employees. Or disgruntled former employees.
4. Putting your business in order
ISO 27001 is particularly good in sorting these things out - it will force you to
define very precisely both the responsibilities and duties, and therefore
strengthen your internal organization.
Mandatory DOCUMENTS and records required by ISO 27001 - ANSWER
(clause 4.3) Scope of the ISMS
(clause 5.2, 6.2) Information security policy and objectives
(clause 6.1.2) Risk assessment and risk treatment methodology
(clause 6.1.3.d) Statement of Applicability
(clause 6.1.3e , 6.2) Risk treatment plan
(clause 8.2) Risk assessment report
(control A.7.1.2, A.13.2.4) Definition of security roles and responsibilities
(control A8.1.1) Inventory of assets
(control A8.1.3) Acceptable use of assets
