LEAD-IMPLEMENTER Question #246: Real Exam Question with Answer & Explanation

Scenario 5: Bytes iS a dynamic and innovative Company specializing in the design, manufacturing. and distribution Of hardware and software, with a focus On providing comprehensive network and supporting services. It is headquartered in the vibrant tech hub of Lagos, Nigeria. It has a diverse and dedicated team, boasting a workforce of over 800 employees who are passionate about delivering cutting-edge solutions to their Clients. Given the nati-jte Of its business. Bytes frequently handles sensitive data both internally and When collaborating With Clients and partners. Recognizing the Challenges inherent in securely sharing data with clients. partners, and within its own internal operations. Bytes has implemented robust information security measures, They utilize a defined risk assessment process, which enables them to assess and address potential threats and information security risks. This process ensures compliance with ISOflEC 27001 requirements, a critical aspect of Bytes' operations. Initially. Bytes identified both external and internal issues that are relevant to its purpose and that impact its ability to achieve the intended information security management System Outcomes, External issues beyond the company'S control include factors Such as social and Cultural dynamics, political. legal. normative, and regulatory environments, financial and macroeconomic conditions. technological developments, natural factors, and competitive pressures. Internal issues, which are within the organization's control, encompass aspects like the company's culture. its policies, objectives, and strategies; govetnance structures. roles, and responsibilities: adopted standards and guidelines; contractual relationships that influence processes within the ISMS scope: processes and procedures resources and knowledge capabilities; physical infrastructure information systems. information flows. and decisiorwnaking processes; as well as the results of previous audits and risk assessments. Bytes also focused on identifying the interested parties relevant to the ISMS understanding their requirements, and determining which Of those requirements will be addressed by the ISMS In pursuing a secure digital environment, Bytes leverages the latest technology, utilizing automated vulnerability scanning tools to identify known vulnerable services in their ICT systems. This proactive approach ensures that potential weaknesses are swiftly addressed. bolstering their overall information security posture. In their comprehensive approach to information security, Bytes has identified and assessed various risks. During this process, despite implementing the security controls, Bytes' expert team identified unacceptable residual risks, and the team Currently faces uncertainty regarding which specific options to for addressing these identified and unacceptable residual risks. According to scenario 5, what should Bytes consider when assessing the security of its ICT systems?