Information Security Management Lecture 1 Quiz

Questions and Answers

What is the main purpose of ISO 27001?

• To provide an international standard for information security management (correct)
• To outline communication protocols for remote connections
• To set standards for physical and environmental security
• To establish a code of practice for stakeholder management

Which of the following is NOT one of the important areas of concern in ISO 27001?

• Access control
• Asset management
• Human resources security
• Customer networks (correct)

In the Plan Do Check Act Cycle (PDCA) for ISMS, what does 'Do' involve?

• Monitoring and reviewing the ISMS
• Information security requirements and expectations (correct)
• Maintaining and improving the ISMS
• Establishing the ISMS

What does creating 'Virtual Private Networks (VPN’s)' help with in information security?

Ensuring integrity of data during remote connections (C)

Which of the following is NOT emphasized under ISO 27001?

Risk Litigation (C)

What is the basis for third party certification according to ISO 27001?

Specification for information Security Management (B)

'Organization of information security' is considered an important area of concern under ISO 27001 because it focuses on:

Establishing clear security policies and responsibilities (D)

'Internal Audit' falls under which part of the context for Information Security Management according to the text?

(Confidential 7) Context for Info Security Management (C)

'Maintain and improve the ISMS' corresponds to which stage in the Plan Do Check Act Cycle (PDCA)?

'Act' (B)

'Communications and operations management' are highlighted as an important area of concern under ISO 27001 mainly because they focus on:

$Ensuring secure data transfer processes$ (A)