Who is responsible for Initial asset allocation to the user/custodian of the assets?
Correct Answer: B
Explanation The asset owner is responsible for initial asset allocation to the user or custodian of the assets. The asset owner is a person or entity that has been assigned the responsibility for managing and protecting the asset throughout its lifecycle. The asset owner should ensure that the user or custodian of the assets has the appropriate authorization, competence and awareness to use or handle the assets securely. The asset owner should also monitor and review the use or custody of the assets and update or revoke the allocation as needed. ISO/IEC 27001:2022 requires the organization to assign owners to all assets within the scope of the information security management system (see clause A.8.1.2). References: CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course, ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements, What is an Asset Owner?
Question 23
After a devastating office fire, all staff are moved to other branches of the company. At what moment in the incident management process is this measure effectuated?
Correct Answer: D
Question 24
Access Control System, CCTV and security guards are form of:
Correct Answer: A
Question 25
Review the following statements and determine which two are false:
Correct Answer: C,F
Explanation The number of days assigned to a third-party audit is not determined by the auditee's availability, but by the audit program, which considers the audit scope, objectives, criteria, risks, and resources12. The auditee's availability is only one factor that affects the audit planning and scheduling, but not the audit duration3. Auditors approved for conducting onsite audits do require additional training for virtual audits, as there are significant differences in the skillset required. Virtual audits pose different challenges and opportunities than onsite audits, such as communication, technology, security, and evidence collection4 . Auditors need to be familiar with the tools and techniques for conducting remote audits, as well as the ethical and professional behavior expected in a virtual environment . References: * PECB Candidate Handbook - ISO 27001 Lead Auditor, page 18 * ISO 19011:2018, Guidelines for auditing management systems, clause 5.3.2 * ISO 19011:2018, Guidelines for auditing management systems, clause 6.3.1 * Deloitte - Conducting a Virtual Internal Audit, page 1 * [A Guide to Conducting Effective and Efficient Remote Audits], page 1 * [ISO 19011:2018, Guidelines for auditing management systems], clause 7.2.3 * [Remote Auditing Best Practices & Checklist for Regulatory Compliance], page 1