
PECB Exam ISO-IEC-27001-Lead-Auditor Topic 1 Question 34 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 34
Topic #: 1

The auditor was unable to identify that Company A hid their insecure network architecture. What type of audit risk is this?

Suggested Answer: A, B, E, F

According to ISO/IEC 27001:2022, which specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), clause 4.1 requires an organization to determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its ISMS [2]. External issues are those that originate from outside the organization, such as legal, regulatory, cultural, social, political, economic, natural and competitive factors [2]. Internal issues are those that originate from within the organization, such as governance, structure, roles and responsibilities, policies, objectives, culture, capabilities, resources and information systems [2]. Therefore, based on this definition, four examples of external issues in the context of a management system to ISO/IEC 27001:2022 are a rise in interest rates in response to high inflation (which affects the economic environment of the organization), a reduction in grants as a result of a change in government policy (which affects the political and legal environment of the organization), higher labour costs as a result of an aging population (which affects the social and demographic environment of the organization), and inability to source raw materials due to government sanctions (which affects the trade and supply environment of the organization) [2].
The other options are examples of internal issues, as they originate from within the organization or its activities. For example, poor levels of staff competence as a result of cuts in training expenditure (which affects the capabilities and resources of the organization), increased absenteeism as a result of poor management (which affects the culture and performance of the organization), poor morale as a result of staff holidays being reduced (which affects the motivation and satisfaction of the organization's personnel), and a fall in productivity linked to outdated production equipment (which affects the efficiency and quality of the organization's processes) [2].
Reference: [2] ISO/IEC 27001:2022 - Information technology -- Security techniques -- Information security management systems -- Requirements


Contribute your Thoughts:

Fidelia
1 month ago
If the auditor can't even find the network issues, they must be using the 'invisible ink' method of auditing.
upvoted 0 times
India
1 month ago
I'd say this is a clear 'Detection' problem. The auditor must have been using the 'hide and seek' method of auditing.
upvoted 0 times
An
1 month ago
Sounds like a classic case of 'Control' issues. Maybe the auditor needs to take a 'control' alt delete approach to this problem.
upvoted 0 times
Detra
15 days ago
Maybe the auditor needs to take a 'control' alt delete approach to this problem.
upvoted 0 times
Delmy
18 days ago
C) Detection
upvoted 0 times
Yuki
27 days ago
B) Control
upvoted 0 times
Leslee
28 days ago
A) Inherent
upvoted 0 times
Francoise
2 months ago
Ah, the classic 'hide and seek' audit technique. Gotta love when the company is playing 'keep away' with their network architecture.
upvoted 0 times
Darrin
22 days ago
C) Detection
upvoted 0 times
Jennie
23 days ago
B) Control
upvoted 0 times
Crista
29 days ago
A) Inherent
upvoted 0 times
Alise
2 months ago
I disagree, I think it's detection risk because the auditor failed to detect the insecure network architecture.
upvoted 0 times
Robt
2 months ago
I agree with Eva, it's definitely inherent risk.
upvoted 0 times
Eva
2 months ago
I think it's inherent risk.
upvoted 0 times
Dorinda
3 months ago
I believe it's detection risk, as the auditor failed to detect the issue.
upvoted 0 times
Tamesha
3 months ago
I agree with Chana, because it's related to the nature of the business.
upvoted 0 times
Lezlie
3 months ago
If the auditor can't even identify the network issues, I'm guessing they need a little more 'detection' in their diet.
upvoted 0 times
Sena
1 month ago
User 4: Maybe they need to improve their detection procedures.
upvoted 0 times
Lavera
2 months ago
User 3: Yeah, the auditor should have caught that during the audit.
upvoted 0 times
Yoko
2 months ago
User 2: That sounds like a detection risk to me.
upvoted 0 times
Lonny
2 months ago
User 1: Looks like Company A is hiding their insecure network architecture.
upvoted 0 times
Chana
3 months ago
I think it's inherent risk.
upvoted 0 times