What is the first step in a structured approach to come up with this measure?

As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an organisational measure to protect laptop computers.

What is the first step in a structured approach to come up with this measure?
A. Appoint security staff
B. Encrypt all sensitive information
C. Formulate a policy
D. Set up an access control procedure

Answer: C

Explanation:

An organisational measure is a measure that involves the establishment of policies, procedures, roles, responsibilities, and structures to manage information security within an organization. Examples of organisational measures include security policies, awareness programs, risk assessments, audits, and incident response plans. A policy is a statement of intent or direction that provides guidance for decision making and actions within an organization. A policy defines the scope, objectives, principles, and roles for information security management. Therefore, formulating a policy is the first step in a structured approach to come up with an organisational measure to protect laptop computers.

Reference: ISO/IEC 27000:2022, clause 3.47; ISO/IEC 27001:2022, clause 5.2.
