Question bank preview
Scenario 3: NightCore is a multinational technology company based in the United States that focuses on e-commerce, cloud computing, digital streaming, and artificial intelligence. After having had an information security management system (ISMS) implemented for over 8 months, they contracted a certification body to conduct a third-party audit in order to get certified against ISO/IEC 27001. The certification body set up a team of seven auditors. Jack, the most experienced auditor, was assigned as the audit team leader. Over the years, he had received many well-known certifications, such as ISO/IEC 27001 Lead Auditor, CISA, CISSP, and CISM. Jack conducted thorough analyses of each phase of the ISMS audit by studying and evaluating every information security requirement and control that was implemented by NightCore. During the stage 2 audit, Jack detected several nonconformities. After comparing the number of purchased invoices for software licenses with the software inventory, Jack found out that the company had been using illegal versions of software on many computers. He decided to ask top management for an explanation of this nonconformity and to see whether they were aware of it.

His next step was to audit NightCore's IT Department. Top management assigned Tom, NightCore's system administrator, to act as a guide and accompany Jack and the audit team through the inner workings of their system and their digital assets infrastructure. While interviewing a member of the Department of Finance, the auditors discovered that the company had recently made some unusually large transactions to one of their consultants. After gathering all the necessary details regarding the transactions, Jack decided to interview top management directly. When discussing the first nonconformity, top management told Jack that they had willingly decided to use copied software rather than the original since it was cheaper.
Jack explained to the top management of NightCore that using illegal versions of software is against the requirements of ISO/IEC 27001 and the national laws and regulations. However, they seemed to be fine with it. Several months after the audit, Jack sold some of NightCore's information that he collected during the audit for a huge amount of money to competitors of NightCore. Based on this scenario, which ISO/IEC 27001 control has NightCore ignored when they used an illegal version of software?
You are performing an ISMS audit at a residential nursing home (ABC) that provides healthcare services. The next step in your audit plan is to verify the information security of ABC's healthcare mobile app development, support, and lifecycle process. During the audit, you learned that the organization outsourced the mobile app development to a professional software development company certified to CMMI Level 5, ITSM (ISO/IEC 20000-1), BCMS (ISO 22301), and ISMS (ISO/IEC 27001). The IT Manager presented the software security management procedure and summarised the process as follows:

- The mobile app development shall adopt "security-by-design" and "security-by-default" principles, as a minimum.
- The following security functions for personal data protection shall be available: access control; personal data encryption, i.e., the Advanced Encryption Standard (AES) algorithm with 256-bit keys; and personal data pseudonymization.
- Vulnerabilities checked and no security backdoor.

You sample the latest Mobile App Test report, with the following details:

- Target of test: ABC's healthcare mobile app, version 1, security test.
- Test results: Personal data encryption: Fail (not able to perform the encryption). Personal data pseudonymization: Fail (not able to perform the pseudonymization).
- Final approval: by Service Manager (signed).

You ask the IT Manager why the organisation still uses the mobile app while the personal data encryption and pseudonymization tests failed, and whether the Service Manager is authorised to approve the test. The IT Manager explains that the test results should be approved by him according to the software security management procedure. The reason the encryption and pseudonymisation functions failed is that these functions heavily slowed down the system and service performance; an extra 15% of resources would be needed to cover this. The Service Manager agreed that access control is good enough and acceptable. That is why the Service Manager signed the approval.
You are preparing the audit findings. Select the correct option.