Guest user Created: Mar 14, 2017 Last commented: Mar 14, 2017

Organizational controls

Hi, doing the ISO 27001 then you get this question: Identify which of the following information security controls are organizational controls: 1. Defining a policy on the use of cryptographic controls – Correct! 2. Implementing cryptographic controls – Incorrect! Implementing cryptographic controls is a technical control. 3. Documenting a clear screen policy – Correct! 4. Training employees how to use cryptographic controls – Incorrect! Training is an HR control. 5. Signing a confidentiality agreement with suppliers – Incorrect! A confidentiality agreement is a legal control. 6. Documenting a procedure for training employees – Correct! 7. Implementing a domain password policy – Incorrect! Implementing domain policies is a technical control. No matter how I answer, then I get it wrong. Why is "Defining a policy on the use of cryptographic controls " an org control?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Mar 14, 2017

Answer: Defining and documenting policies, or procedures, are considered organizational controls because they involve the establishment of behaviours, either in terms of rules, lik e policies, or in terms of activities to be performed, like procedures.

This material will also help you regarding organizational controls:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Mar 14, 2017

Expert Advice Community