ISO-IEC-27001-LEAD-AUDITOR · Question #185
The correct answers are A, C, D and E.
Question
Options
- A. Confidentiality and nondisclosure agreements
- B. How protection against malware is implemented
- C. Information security awareness, education and training
- D. Remote working arrangements
- E. The conducting of verification checks on personnel
- F. The operation of the site CCTV and door control systems
- G. The organisation's arrangements for information deletion
- H. The organisation's business continuity arrangements
Explanation
The four controls from the list that the auditor in training should review are:

A. Confidentiality and nondisclosure agreements: this control requires the organisation to ensure that all employees, contractors and third parties who have access to sensitive information sign appropriate agreements that oblige them to protect the confidentiality and integrity of that information. This is especially important for an organisation that stores data on behalf of external clients, because it demonstrates the organisation's commitment to safeguarding client information assets and to meeting its contractual obligations.

C. Information security awareness, education and training: this control requires the organisation to provide regular and relevant information security awareness, education and training to all employees, contractors and third parties who have access to the organisation's information systems and information assets. This is essential for ensuring that they know their roles and responsibilities, the information security policies and procedures, the potential threats and risks, and the accepted practices for preventing and responding to information security incidents.

D. Remote working arrangements: this control requires the organisation to establish and implement policies and procedures for managing the information security risks associated with remote working, such as teleworking, mobile working or working from home. This includes defining the conditions and requirements for remote working: the authorised devices, applications and networks; the encryption and authentication methods; the backup and recovery procedures; and the reporting and monitoring mechanisms. This is important for an organisation that stores data on behalf of external clients, because it ensures that the same level of information security is maintained regardless of where the workers are and which devices they use.

E. The conducting of verification checks on personnel: this control requires the organisation to conduct appropriate verification checks on the background, qualifications and references of all employees, contractors and third parties who have access to the organisation's information systems and information assets. This is necessary for verifying their identity, suitability and trustworthiness, and for preventing the hiring of unauthorised or malicious individuals who could compromise the information security of the organisation and its clients.

All four are people-related controls (the "People controls" group, A.6, in Annex A of ISO/IEC 27001:2022), whereas the remaining options describe technological (B, G), physical (F) or organisational (H) controls.