Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 8w52ceb345

You are performing an ISMS audit at a residential nursing home that provides healthcare services.

You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security incident management process. The IT Security Manager presents the information security incident management procedure (Document reference ID: ISMS_L2_16, version 4).

You review the document and notice a statement "Any information security weakness, event, and incident should be reported to the Point of Contact (PoC) within 1 hour after identification". When interviewing staff, you found that there were differences in the understanding of the meaning of the phrase "weakness, event, and incident".

The IT Security Manager explained that an online "information security handling" training seminar was conducted 6 months ago. All the people interviewed participated in and passed the reporting exercise and course assessment.

You would like to investigate other areas further to collect more audit evidence. Select three

options that would not be valid audit trails.

A.

Collect more evidence on how areas subject to information security incidents are quarantined to maintain information security during disruption (relevant to control A.5.29)

B.

Collect more evidence on how information security incidents are reported via appropriate channels (relevant to control A.6.8)

C.

Collect more evidence on how the organisation conducts information security incident training and evaluates its effectiveness. (Relevant to clause 7.2)

D.

Collect more evidence on how the organisation learns from information security incidents and makes improvements. (Relevant to control A.5.27)

E.

Collect more evidence on how the organisation manages the Point of Contact (PoC) which monitors vulnerabilities. (Relevant to clause 8.1)

F.

Collect more evidence on how the organisation tests the business continuity plan. (Relevant to control A.5.30)

G.

Collect more evidence on whether terms and definitions are contained in the information security policy. (Relevant to control 5.32)

ISO-IEC-27001-Lead-Auditor PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now ISO-IEC-27001-Lead-Auditor pdf
Get 60% Discount on All Products, Use Coupon: "8w52ceb345"