Complete Solutions.
What is ISO27001? - Answer ISO 27001 (formally ISO/IEC 27001) is an international standard published jointly by the
International Organization for Standardization (ISO) and the International Electrotechnical
Commission (IEC). It specifies the requirements for establishing, operating and improving an
information security management system in an organisation.
Adopting the standard is described by the standard itself as a strategic decision for the organisation.
What does ISO27001 provide? - Answer It provides a framework for implementing and running
information security management within a business.
It also enables the company to become certified, meaning that an independent, accredited certification body
has audited the organisation and confirmed that its information security management system conforms to the
requirements of ISO27001. Certification is against ISO 27001 only; the guidance in ISO 27002 is not itself certifiable.
What is ISO27002? - Answer ISO 27002 is a companion standard that provides a collection of information security
control guidelines. It helps an organisation select, implement, maintain and improve the controls that support its
information security management system; it is guidance rather than a set of certifiable requirements.
What is the ISMS? - Answer An information security management system (ISMS) is a set of
policies, processes and controls for systematically managing the security of an organisation's sensitive information.
The goal of an ISMS is to reduce information security risk to an acceptable level and to support business continuity by
proactively limiting the likelihood and impact of a security breach.
What should management do to support the ISMS? - Answer • Provide clear policies
• Assign responsibilities to the right people
• Allocate the necessary resources
• Coordinate and review the implementation
What are the stages of the ISMS? - Answer • Establishing - deciding what you are going to do and planning it
• Implementing - building the policies, processes and controls
• Deploying (operating) - putting the ISMS into use so people can work with it
• Monitoring - once people use it, monitoring how it performs
• Reviewing - reviewing the information you are getting to confirm it is still working as intended
• Maintaining - keeping the ISMS current and effective
• Updating and improving - correcting weaknesses found in review so that threats and risks are addressed