APMG-International ISO-IEC-27001-Foundation Exam - Topic 6 Question 12 Discussion

Actual exam question for APMG-International's ISO-IEC-27001-Foundation exam

Question #: 12
Topic #: 6

[All ISO-IEC-27001-Foundation Questions]

What is required to be reported by the Information security event reporting control?

AInformation disclosure

BUnauthorized access

CAsset disposal

DObserved or suspected events

Show Suggested Answer

Suggested Answer: D

Comprehensive and Detailed Explanation From Exact Extract ISO/IEC 27002:2022 standards:

Annex A, control 6.8 (Information security event reporting) specifies:

''Information security events should be reported through appropriate management channels as quickly as possible. The organization should require all employees and contractors to note and report any observed or suspected information security events.''

This wording confirms that the required reporting covers ''observed or suspected events.'' Specific event types like information disclosure (A) or unauthorized access (B) are examples but not the broad requirement. Asset disposal (C) is addressed separately under equipment lifecycle controls (Annex A.7.14).

Therefore, the verified correct answer is D: Observed or suspected events.

by Sharen at Mar 31, 2026, 05:00 PM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27001-Foundation Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!