When ending the Cloud services contract, what is the information security criteria should be considered ?

Cloud platform is being shared with other tenant

The Service Level Agreement (SLA) with the Cloud service provider

Physical location of the Cloud subscribed

What is the purpose of audit notes and audit checklist?

To ensure the coverage of internal audit is comprehensive

As a guideline for auditor during internal audit exercise

As an evidence of auditor's justification on any findings to be raised

14. Determine the clause / controls for the below findings: “During the audit, you observed that several workstations left by the officers were found scattered, including documents, password notes were attached to the computer screen, and the computer screen was not locked.”

A.7.7 Clear desk and clear screen

Determine the clause/control and its classification of the below findings: “There is an evaluation conducted prior to the appointment of the vendor. A set of relevant criteria has been established to ensure the vendor is meeting the standard set by the organization. However, furhter verification on its complaince towards the criteria could be implemented consistently.”

A.5.22 Monitoring, review and change management of supplier services - OFI

A.5.22 Monitoring, review and change management of supplier services - NCR

A.5.20 Addressing information security within supplier agreements - OFI

A.5.19 Information security in supplier relationships - NCR

"As verified on physical security surveillance via the CCTV for the data center - the Security Unit personnel has access to the real-time surveillance images via his own smartphone. An assurance of the safety and security of the data was demonstrated. However, policy related to 'bring your own device' was not yet established." Identified the classfication of the findings and its clause/control.

OFI, A.5.1 Policies for information security

NCR, A.5.32 Intellectual property rights

OFI, A.5.33 Protection of records

"ISMS Measurement of Effectiveness COntrol has been divided into two (2) categories: Implementation and Operations. These metrics measurements have been reviewed and revised based on the previous audit findings. However, the approval of the revised measurement was not clearly recorded prior to performing the evaluations." Determine the clause/control for the above OFI report.

Clause 7.5.2 Creating and updating.

A.5.4 Management responsibilities

Clause 9.1 Monitoring, measurement, analysis, and evaluation

Clause 7.5.3 Control of documented information

"The organization had reviewed the risks assessment for the Production department, Distribution department, and Corporate department. Based on the previous assessment, there are several risk treatment plans (RTP) initiated. However, the status of these RTP remains the same but the respective risk level was reduced during the current assessment. This RTP was not updated accordingly." Determine the clause/control for the above findings.

Clause 8.3 Information security risk treatment

Clause 8.2 Information security risk assessment

Clause 6.1.2 Information security risk assessment

Clause 6.1.3 Information security risk treatment

Identify the internal audit processes.

Planning the Audit --> Execute the Audit --> Prepare Audit Report --> Audit Follow-Up

Gap Analysis --> Internal Audit Plan --> Execute the Audit --> Audit Closing Meeting

Planning the Audit --> Execute the Audit --> Prepare Audit Report --> Audit Closing Meeting

Information Gathering --> Planning the Audit --> Execute the Audit --> Audit Reporting --> Audit Follow Up

ISO/IEC 27001:2022

Authored by NURUL FARHANAH HASAMUDIN

Instructional Technology

Professional Development

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the name of the ISO/IEC 27001:2022?

Information security technique — Information security management systems — Requirements

Information security, cybersecurity and privacy protection — Information security management systems — Requirements

Information security — Information security management systems — Requirements

Information technology — Security techniques — Code of practice for information security controls

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the clause that newly added in the latest version of ISMS?

10.1 Continual improvement

6.3 Planning of changes

4.4 Information security management system

8.1 Operational planning and control

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Below are the new security controls in the latest version of ISMS except:

A.7.4 Physical security monitoring

A.8.10 Information deletion

A.6.1.4 Contact with special interest groups

A.8.16 Monitoring activities

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Within ISO standards, what does “shall” indicate?

A recommendation

A capability

A requirement

A permission

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

How many domains and security controls in Annex A ISO/IEC 27001:2022?

4 domains, 93 controls

14 domains, 114 controls

7 domains, 141 controls

10 domains, 98 controls

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What kind of evidence (example) to address the requirement of 9.3.3 Management review results?

information security objectives performance

risk assessment report

slide presentation

minutes of meeting

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

How many new controls, updated controls, and merged controls in ISO/IEC 27001:2022?

10 new controls, 24 updated controls, 58 merged controls

11 new controls, 58 updated controls, 24 merged controls

24 new controls, 58 updated controls, 11 merged controls

58 new controls, 11 updated controls, 24 merged controls

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Dashboard Rules

Quiz

•

Professional Development

20 questions

FUN 101 Week 7 Test Bearings, Lubricants & Seals

Quiz

•

Professional Development

20 questions

Tech Talk elementary Units 4-7-8

Quiz

•

Professional Development

17 questions

Week one electronics

Quiz

•

Professional Development

20 questions

MCSA -Mid Exam

Quiz

•

Professional Development

20 questions

CPA Prelims JY 2022

Quiz

•

8th Grade - Professio...

18 questions

(elem) Technology Routines

Quiz

•

Professional Development

20 questions

Bem-vindo ao mundo do social media, você vai adorar! 🌈

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

15 questions

Hargrett House Quiz: Community & Service

Quiz

•

5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Instructional Technology

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

35 questions

World War Two 8th G

Quiz

•

6th Grade - Professio...

7 questions

DOL REC: Solutions & Solubility Curves

Quiz

•

Professional Development

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

20 questions

NCAA Logo Quiz

Quiz

•

Professional Development

ISO/IEC 27001:2022

What is the name of the ISO/IEC 27001:2022?

What is the clause that newly added in the latest version of ISMS?

Below are the new security controls in the latest version of ISMS except:

Within ISO standards, what does “shall” indicate?

How many domains and security controls in Annex A ISO/IEC 27001:2022?

What kind of evidence (example) to address the requirement of 9.3.3 Management review results?

How many new controls, updated controls, and merged controls in ISO/IEC 27001:2022?

When ending the Cloud services contract, what is the information security criteria should be considered ?

What are the channels might be at risk from data leakage?

What are the example of implementing data masking?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology