ISO 27001 / ISMS

Foundations Course Module 1

Question / Answer
What are the 3 ISMS security objectives? 1. Confidentiality: only the authorized persons have the right to access information. 2. Integrity: only the authorized persons can change the information. 3. Availability: the information must be accessible to authorized persons whenever it is needed.
What does ISMS stand for? Information Security Management System (ISMS)
What is an ISMS? A set of rules (policies, procedures and related documents) that: 1. identify information security stakeholders and their requirements; 2. identify information security risks; 3. define controls and mitigation methods to manage those requirements and risks; 4. define information security objectives; 5. implement the controls and mitigation methods; 6. assess the controls' performance; 7. achieve continual improvement.
What are the four essential business benefits that a company can achieve by implementing ISO 27001? 1. Comply with legal and contractual requirements 2. Achieve competitive advantage 3. Lower costs by preventing security incidents 4. Better organization through defined processes and procedures
How does ISO 27001 work? 2 steps: 1. Risk assessment - finding out what potential problems could happen to the information 2. Risk treatment (risk management) - defining what needs to be done, through controls, to prevent such problems from happening or to reduce their impact
What are the ISO 27001 controls? The ISO 27001 controls (also known as safeguards) are the 114 practices listed in Annex A of the 2013 edition (the 2022 revision consolidates them into 93) that are implemented to reduce risks to acceptable levels. Controls can be technical, organizational, legal, physical, human, etc.
What kinds of controls are there? Technical controls Organizational controls Legal controls Physical controls Human resource controls
What are Technical controls? These controls are primarily implemented in information systems, using software, hardware, and firmware components added to the system. E.g. encryption, backups, antivirus software, etc.
What are Organizational controls? These controls are implemented by defining rules to be followed, and expected behavior from users, equipment, software, and systems. E.g. Access Control Policy, BYOD Policy, etc.
What are Legal controls? These controls ensure that rules & expected behaviors follow and enforce the laws, regulations, contracts, and other similar legal instruments that the organization must comply with. E.g. NDA (non-disclosure agreement), SLA (service level agreement), etc.
What are Physical controls? These controls are primarily implemented by using equipment or devices that have a physical interaction with people and objects. E.g. CCTV cameras, alarm systems, locks, etc.
What are Human resource controls? These controls are implemented by providing knowledge, education, skills, or experience to persons to enable them to perform their activities in a secure way. E.g. security awareness training, ISO 27001 internal auditor training, etc.
What are the ISO 27000 (ISO27k) standards? There are more than 40 standards in the ISO27k series. ISO 27001 defines the requirements for an ISMS, and the others provide additional guidance for implementation and for specific industries.
What is the difference between NIST and ISO 27001? ISO 27001 is an international standard that an organization can be certified against; NIST is a US government agency that publishes standards and guidelines. The NIST SP 800 series describes best practices for information security. The two can be used together when implementing information security.
What is the difference between ISO 27001 and 27002? ISO 27001 defines requirements & provides brief descriptions of controls for Information Security Management Systems (ISMS). ISO 27002 provides detailed guidance on the implementation of controls from ISO 27001 Annex A.
Where can you find the 14 domains of ISO 27001? The 14 domains are in Annex A of ISO 27001 (2013 edition; the 2022 edition regroups the controls into four themes: organizational, people, physical and technological).
Why isn't ISO 27001 prescriptive? The standard is meant to fit any type of organization, so a prescriptive approach is not possible: it cannot define the backup frequency, which technology to use, how to configure each device, etc. Each organization derives those specifics from its own risk assessment.
Created by: anne_s