Scenario Based#2

No, while establishing the ISMS project team comprising of only experts in the information security could bring valuable knowledge in the information security and technology to DetSearch, it is not a good practice in its entirety

Yes, including individuals from different background in the ISMS project team would only slow down the decision-making process for DetSearch, leading to a less efficient implementation of security measures

Yes, having a team of only experts in the information security would ensure that the ISMS would be implemented smoothly

Yes, the ISMS project manager is responsible for determining the necessary resources for the ISMS implementation

No, everyone affected by the ISMS should take part in identifying the necessary resources for the ISMS implementation

No, the ISMS team should identify the necessary resources for the ISMS implementation

No, the ISMS team should have firstly focused on setting specific targets for each information security control before conducting the gap analysis to ensure a more accurate assessment

No, the ISMS team should have skipped the gap analysis as it is an unnecessary step t only adds complexity to the ISMS implementation

Yes, the ISMS team correctly followed the systematic approach of conducting the gap analysis

No, Carla did not validate the policy with the interested parties

No, Carla failed to consider the integration of the operational specifications and references to specific products in the policy

Yes, Carla followed all the essential steps to draft the policy

Qualitative risk analysis

Semi-qualitative risk analysis

Quantitative risk analysis