Free Preparation Discussions
MENU
PECB ISO-IEC-27001-Lead-Implementer Exam - Topic 3 Question 59 Discussion
Topic #: 3
Scenario 2: Beauty is a cosmetics company that has recently switched to an e-commerce model, leaving the traditional retail. The top management has decided to build their own custom platform in-house and outsource the payment process to an external provider operating online payments systems that support online money transfers.
Due to this transformation of the business model, a number of security controls were implemented based on the identified threats and vulnerabilities associated to critical assets. To protect customers' information. Beauty's employees had to sign a confidentiality agreement. In addition, the company reviewed all user access rights so that only authorized personnel can have access to sensitive files and drafted a new segregation of duties chart.
However, the transition was difficult for the IT team, who had to deal with a security incident not long after transitioning to the e commerce model. After investigating the incident, the team concluded that due to the out-of-date anti-malware software, an attacker gamed access to their files and exposed customers' information, including their names and home addresses.
The IT team decided to stop using the old anti-malware software and install a new one which would automatically remove malicious code in case of similar incidents. The new software was installed in every workstation within the company. After installing the new software, the team updated it with the latest malware definitions and enabled the automatic update feature to keep it up to date at all times. Additionally, they established an authentication process that requires a user identification and password when accessing sensitive information.
In addition, Beauty conducted a number of information security awareness sessions for the IT team and other employees that have access to confidential information in order to raise awareness on the importance of system and network security.
Which statement below suggests that Beauty has implemented a managerial control that helps avoid the occurrence of incidents? Refer to scenario 2.
Managerial controls are administrative actions that are designed to prevent or reduce the likelihood of security incidents by influencing human behavior. They include policies, procedures, guidelines, standards, training, and awareness programs. In scenario 2, Beauty has implemented a managerial control by conducting information security awareness sessions for the IT team and other employees that have access to confidential information. These sessions aim to educate the staff on the importance of system and network security, the potential threats and vulnerabilities, and the best practices to follow to avoid the occurrence of incidents. By raising the level of awareness and knowledge of the employees, Beauty can reduce the human errors and negligence that might compromise the security of the information assets.
Quentin
2 months agoBillye
2 months agoOlene
2 months agoAntonio
3 months agoMarcelle
3 months agoLauna
3 months agoElin
3 months agoGlendora
4 months agoChanel
4 months agoVallie
4 months agoMargret
4 months agoPhuong
4 months agoAja
5 months agoUla
5 months agoJames
8 months agoScot
8 months agoMiesha
9 months agoWilliam
9 months agoRodolfo
9 months agoBeula
8 months agoDyan
8 months agoAimee
10 months agoNieves
10 months agoLenny
10 months agoIra
9 months agoArthur
9 months agoMattie
9 months ago