Free Preparation Discussions
MENU
PECB ISO-IEC-27001-Lead-Implementer Exam - Topic 2 Question 57 Discussion
Topic #: 2
Scenario 4: TradeB is a newly established commercial bank located in Europe, with a diverse clientele. It provides services that encompass retail banking, corporate banking, wealth management, and digital banking, all tailored to meet the evolving financial needs of individuals and businesses in the region. Recognizing the critical importance of information security in the modern banking landscape, TradeB has initiated the implementation of an information security management system (ISMS) based on ISO/IEC 27001. To ensure the successful implementation of the ISMS, the top management decided to contract two experts to lead and oversee the ISMS implementation project.
As a primary strategy for implementing the ISMS, the experts chose an approach that emphasizes a swift implementation of the ISMS by initially meeting the minimum requirements of ISO/IEC 27001, followed by continual improvement over time. Additionally, under the guidance of the experts, TradeB opted for a methodological framework, which serves as a structured framework and a guideline that outlines the high-level stages of the ISMS implementation, the associated activities, and the deliverables without incorporating any specific tools.
The experts analyzed the ISO/IEC 27001 controls and listed only the security controls deemed applicable to the company and its objectives. Based on this analysis, they drafted the Statement of Applicability. Afterward, they conducted a risk assessment, during which they identified assets, such as hardware, software, and networks, as well as threats and vulnerabilities, assessed potential consequences and likelihood, and determined the level of risks based on a methodical approach that involved defining and characterizing the terms and criteria used in the assessment process, categorizing them into non-numerical levels (e.g., very low, low, moderate, high, very high). Explanatory notes were thoughtfully crafted to justify assessed values, with the primary goal of enhancing repeatability and reproducibility.
Then, they evaluated the risks based on the risk evaluation criteria, where they decided to treat only the risks of the high-risk category. Additionally, they focused primarily on the unauthorized use of administrator rights and system interruptions due to several hardware failures. To address these issues, they established a new version of the access control policy, implemented controls to manage and control user access, and introduced a control for ICT readiness to ensure business continuity.
Their risk assessment report indicated that if the implemented security controls reduce the risk levels to an acceptable threshold, those risks will be accepted.
Based on the scenario above, answer the following question:
Which of the actions presented in scenario 4 is NOT compliant with the requirements of ISO/IEC 27001?
Lindsay
2 months agoBlondell
2 months agoLatrice
3 months agoKeva
3 months agoAnglea
3 months agoAnnamae
3 months agoMerri
4 months agoTrina
4 months agoCarlton
4 months agoIsabella
4 months agoCharlette
4 months agoDorthy
5 months agoBecky
5 months agoRikki
10 months agoKristine
10 months agoBarbra
11 months agoEssie
9 months agoLenita
9 months agoLuis
9 months agoLai
9 months agoMelda
9 months agoFelix
9 months agoNovella
9 months agoAdaline
9 months agoPearlene
11 months agoJacquelyne
11 months agoTheron
11 months agoChantell
10 months agoJackie
10 months agoBrynn
11 months agoAliza
11 months agoShawna
11 months agoTamar
11 months agoLarae
10 months agoVallie
11 months agoJunita
11 months ago