- Home
- PECB
- PECB Certified ISO/IEC 27001 Lead Auditor exam
- PECB.ISO-IEC-27001-Lead-Auditor.v2024-02-23.q93
- Question 38
Valid ISO-IEC-27001-Lead-Auditor Dumps shared by ExamDiscuss.com for Helping Passing ISO-IEC-27001-Lead-Auditor Exam! ExamDiscuss.com now offer the newest ISO-IEC-27001-Lead-Auditor exam dumps, the ExamDiscuss.com ISO-IEC-27001-Lead-Auditor exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com ISO-IEC-27001-Lead-Auditor dumps with Test Engine here:
Access ISO-IEC-27001-Lead-Auditor Dumps Premium Version
(368 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 38/93
How is the purpose of information security policy best described?
Correct Answer: B
Explanation
The purpose of information security policy is best described as providing direction and support to the management regarding information security. An information security policy is a high-level document that defines the organization's vision, objectives, principles and responsibilities for information security. It also sets the scope and context of the information security management system and aligns it with the organization's strategy and culture. An information security policy does not document the analysis of risks or the search for countermeasures, nor does it make the security plan concrete or provide insight into threats and consequences.
These are tasks for other documents or processes within the information security management system.
ISO/IEC 27001:2022 defines information security policy as "policy that provides direction and support for information security in accordance with business requirements and relevant laws and regulations" (see clause
3.29). References: [CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course], ISO/IEC
27001:2022 Information technology - Security techniques - Information security management systems - Requirements, What is Information Security Policy?
The purpose of information security policy is best described as providing direction and support to the management regarding information security. An information security policy is a high-level document that defines the organization's vision, objectives, principles and responsibilities for information security. It also sets the scope and context of the information security management system and aligns it with the organization's strategy and culture. An information security policy does not document the analysis of risks or the search for countermeasures, nor does it make the security plan concrete or provide insight into threats and consequences.
These are tasks for other documents or processes within the information security management system.
ISO/IEC 27001:2022 defines information security policy as "policy that provides direction and support for information security in accordance with business requirements and relevant laws and regulations" (see clause
3.29). References: [CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course], ISO/IEC
27001:2022 Information technology - Security techniques - Information security management systems - Requirements, What is Information Security Policy?
- Question List (93q)
- Question 1: You are performing an ISO 27001 ISMS surveillance audit at a...
- Question 2: There was a fire in a branch of the company Midwest Insuranc...
- Question 3: Which of the following is an information security management...
- Question 4: During a Stage 1 audit opening meeting, the Management Syste...
- Question 5: During a third-party certification audit, you are presented ...
- Question 6: Which three of the following options are an advantage of usi...
- Question 7: Which threat could occur if no physical measures are taken?...
- Question 8: Information or data that are classified as ______ do not req...
- Question 9: Which one of the following options is the definition of an i...
- Question 10: A property of Information that has the ability to prove occu...
- Question 11: Which two of the following statements are true?...
- Question 12: A couple of years ago you started your company which has now...
- Question 13: Select the words that best complete the sentence: To complet...
- Question 14: Select two of the following options that are the responsibil...
- Question 15: An employee caught with offense of abusing the internet, suc...
- Question 16: You are performing an ISMS audit at a residential nursing ho...
- Question 17: Please match the roles to the following descriptions: (Exhib...
- Question 18: The audit lifecycle describes the ISO 19011 process for cond...
- Question 19: What would be the reference for you to know who should have ...
- Question 20: Which two of the following phrases would apply to 'check' in...
- Question 21: A scenario wherein the city or location where the building(s...
- Question 22: Information has a number of reliability aspects. Reliability...
- Question 23: A well-executed risk analysis provides a great deal of usefu...
- Question 24: You are an experienced ISMS audit team leader guiding an aud...
- Question 25: You are an experienced audit team leader guiding an auditor ...
- Question 26: You receive an E-mail from some unknown person claiming to b...
- Question 27: You are performing an ISMS audit at a residential nursing ho...
- Question 28: During an opening meeting of a Stage 2 audit, the Managing D...
- Question 29: What is the standard definition of ISMS?...
- Question 30: You receive the following mail from the IT support team: Dea...
- Question 31: You are performing an ISMS audit at a nursing home where res...
- Question 32: Select two options that describe an advantage of using a che...
- Question 33: You are carrying out your first third-party ISMS surveillanc...
- Question 34: What is the relationship between data and information?...
- Question 35: The audit team leader prepares the audit plan for an initial...
- Question 36: What type of measure involves the stopping of possible conse...
- Question 37: Someone from a large tech company calls you on behalf of you...
- Question 38: How is the purpose of information security policy best descr...
- Question 39: (Exhibit)
- Question 40: During discussions with the individual(s) managing the audit...
- Question 41: You are performing an ISMS audit at a residential nursing ho...
- Question 42: CEO sends a mail giving his views on the status of the compa...
- Question 43: Information Security is a matter of building and maintaining...
- Question 44: What is the security management term for establishing whethe...
- Question 45: In acceptable use of Information Assets, which is the best p...
- Question 46: Which one of the following statements best describes the pur...
- Question 47: Which two of the following phrases would apply to "plan" in ...
- Question 48: You are performing an ISMS audit at a residential nursing ho...
- Question 49: Auditors need to communicate effectively with auditees. Ther...
- Question 50: Cabling Security is associated with Power, telecommunication...
- Question 51: You are preparing the audit findings. Select two options tha...
- Question 52: Which two of the following are examples of audit methods tha...
- Question 53: All are prohibited in acceptable use of information assets, ...
- Question 54: Four types of Data Classification (Choose two)...
- Question 55: A decent visitor is roaming around without visitor's ID. As ...
- Question 56: Phishing is what type of Information Security Incident?...
- Question 57: You are an experienced ISMS audit team leader. During the co...
- Question 58: What is a repressive measure in case of a fire?...
- Question 59: Which six of the following actions are the individual(s) man...
- Question 60: You see a blue color sticker on certain physical assets. Wha...
- Question 61: You are performing an ISMS audit at a residential nursing ho...
- Question 62: What is an example of a human threat?...
- Question 63: What is a repressive measure in case of a fire?...
- Question 64: Which of the following statements are correct for Clean Desk...
- Question 65: What type of system ensures a coherent Information Security ...
- Question 66: What is a definition of compliance?...
- Question 67: Your organisation is currently seeking ISO/IEC27001:2022 cer...
- Question 68: A hacker gains access to a webserver and can view a file on ...
- Question 69: What is the name of the system that guarantees the coherence...
- Question 70: You have just completed a scheduled information security aud...
- Question 71: Below is Purpose of "Integrity", which is one of the Basic C...
- Question 72: You are an ISMS auditor conducting a third-party surveillanc...
- Question 73: Match the correct responsibility with each participant of a ...
- Question 74: You are performing an ISMS audit at a residential nursing ho...
- Question 75: Select the words that best complete the sentence: (Exhibit)...
- Question 76: Who is authorized to change the classification of a document...
- Question 77: You are an experienced ISMS audit team leader guiding an aud...
- Question 78: You are carrying out your first third-party ISMS surveillanc...
- Question 79: As the ISMS audit team leader, you are conducting a second-p...
- Question 80: Implement plan on a test basis - this comes under which sect...
- Question 81: As a new member of the IT department you have noticed that c...
- Question 82: The following are purposes of Information Security, except:...
- Question 83: You are preparing the audit findings. Select two options tha...
- Question 84: You are an audit team leader conducting a third-party survei...
- Question 85: -------------------------is an asset like other important bu...
- Question 86: An administration office is going to determine the dangers t...
- Question 87: You are the person responsible for managing the audit progra...
- Question 88: You are performing an ISMS audit at a residential nursing ho...
- Question 89: Integrity of data means
- Question 90: What is the goal of classification of information?...
- Question 91: You are an experienced ISMS audit team leader who is current...
- Question 92: Objectives, criteria, and scope are critical features of a t...
- Question 93: Which measure is a preventive measure?...
[×]
Download PDF File
Enter your email address to download PECB.ISO-IEC-27001-Lead-Auditor.v2024-02-23.q93.pdf