<< Prev Question Next Question >>

Question 6/35

Scenario 5: Operaze is a small software development company that develops applications for various companies around the world. Recently, the company conducted a risk assessment to assess the information security risks that could arise from operating in a digital landscape. Using different testing methods, including penetration Resting and code review, the company identified some issues in its ICT systems, including improper user permissions, misconfigured security settings, and insecure network configurations. To resolve these issues and enhance information security, Operaze decided to implement an information security management system (ISMS) based on ISO/IEC 27001.
Considering that Operaze is a small company, the entire IT team was involved in the ISMS implementation project. Initially, the company analyzed the business requirements and the internal and external environment, identified its key processes and activities, and identified and analyzed the interested parties In addition, the top management of Operaze decided to Include most of the company's departments within the ISMS scope. The defined scope included the organizational and physical boundaries. The IT team drafted an information security policy and communicated it to all relevant interested parties In addition, other specific policies were developed to elaborate on security issues and the roles and responsibilities were assigned to all interested parties.
Following that, the HR manager claimed that the paperwork created by ISMS does not justify its value and the implementation of the ISMS should be canceled However, the top management determined that this claim was invalid and organized an awareness session to explain the benefits of the ISMS to all interested parties.
Operaze decided to migrate Its physical servers to their virtual servers on third-party infrastructure. The new cloud computing solution brought additional changes to the company Operaze's top management, on the other hand, aimed to not only implement an effective ISMS but also ensure the smooth running of the ISMS operations. In this situation, Operaze's top management concluded that the services of external experts were required to implement their information security strategies. The IT team, on the other hand, decided to initiate a change in the ISMS scope and implemented the required modifications to the processes of the company.
Based on scenario 5. after migrating to cloud. Operaze's IT team changed the ISMS scope and implemented all the required modifications Is this acceptable?

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (35q)
Question 1: An organization that has an ISMS in place conducts managemen...
Question 2: Scenario 6: Skyver offers worldwide shipping of electronic p...
Question 3: Scenario 4: TradeB. a commercial bank that has just entered ...
Question 4: Scenario 8: SunDee is an American biopharmaceutical company,...
Question 5: Scenario 1: HealthGenic is a pediatric clinic that monitors ...
Question 6: Scenario 5: Operaze is a small software development company ...
Question 7: Scenario 2: Beauty is a cosmetics company that has recently ...
Question 8: Scenario 10: NetworkFuse develops, manufactures, and sells n...
Question 9: Scenario 7: InfoSec is a multinational corporation headquart...
Question 10: An organization wants to enable the correlation and analysis...
Question 11: Who should be involved, among others, in the draft, review, ...
Question 12: Scenario 5: Operaze is a small software development company ...
Question 13: Scenario 7: InfoSec is a multinational corporation headquart...
Question 14: An organization documented each security control that it Imp...
Question 15: Scenario 2: Beauty is a cosmetics company that has recently ...
Question 16: What is the main purpose of Annex A 7.1 Physical security pe...
Question 17: An organization has justified the exclusion of control 5.18 ...
Question 18: Scenario 10: NetworkFuse develops, manufactures, and sells n...
Question 19: Scenario 3: Socket Inc is a telecommunications company offer...
Question 20: Scenario 3: Socket Inc is a telecommunications company offer...
Question 21: A small organization that is implementing an ISMS based on I...
Question 22: Which of the situations below can negatively affect the inte...
Question 23: Which of the following is NOT part of the steps required by ...
Question 24: An organization uses Platform as a Services (PaaS) to host i...
Question 25: Scenario 10: NetworkFuse develops, manufactures, and sells n...
Question 26: Scenario 4: TradeB. a commercial bank that has just entered ...
Question 27: The IT Department of a financial institution decided to impl...
Question 28: Which approach should organizations use to implement an ISMS...
Question 29: Scenario 1: HealthGenic is a pediatric clinic that monitors ...
Question 30: An organization has implemented a control that enables the c...
Question 31: Scenario 3: Socket Inc is a telecommunications company offer...
Question 32: Scenario 2: Beauty is a cosmetics company that has recently ...
Question 33: Scenario 1: HealthGenic is a pediatric clinic that monitors ...
Question 34: Scenario 3: Socket Inc is a telecommunications company offer...
Question 35: Scenario 7: InfoSec is a multinational corporation headquart...