Guest
Organizational controls
Hi, doing the ISO 27001 then you get this question: Identify which of the following information security controls are organizational controls:

1. Defining a policy on the use of cryptographic controls – Correct!
2. Implementing cryptographic controls – Incorrect! Implementing cryptographic controls is a technical control.
3. Documenting a clear screen policy – Correct!
4. Training employees how to use cryptographic controls – Incorrect! Training is an HR control.
5. Signing a confidentiality agreement with suppliers – Incorrect! A confidentiality agreement is a legal control.
6. Documenting a procedure for training employees – Correct!
7. Implementing a domain password policy – Incorrect! Implementing domain policies is a technical control.

No matter how I answer, then I get it wrong. Why is "Defining a policy on the use of cryptographic controls" an org control?
Expert
Rhand Leal
Mar 14, 2017
Answer: Defining and documenting policies, or procedures, are considered organizational controls because they involve the establishment of behaviours, either in terms of rules, like policies, or in terms of activities to be performed, like procedures.
This material will also help you regarding organizational controls:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/