In which order is an Information Security Management System set up?

• A.Establishment, implementation, operation, maintenance
• B.Implementation, operation, improvement, maintenance
• C.Establishment, operation, monitoring, improvement
• D.Implementation, operation, maintenance, establishment

Comment: *

Name: *

Email: *

Verification: *

A decent visitor is roaming around without visitor's ID. As an employee you should do the following, except:

• A.Say "hi" and offer coffee
• B.Call the receptionist and inform about the visitor
• C.Greet and ask him what is his business
• D.Escort him to his destination

Comment: *

Name: *

Email: *

Verification: *

You are an experienced ISMS audit team leader.
You are currently conducting a third-party surveillance audit of an international haulage organisation.
You have sampled four internal audit reports which state:
Report 1 - Auditor: Mr James.
Over the year the organisation has failed to meet its promised delivery dates on 23 occasions out of 100.
This is against a target of '95% of deliveries on time'.
Grading - Minor
Corrective Action due: Within 9 months.
Report 2 - Auditor: Mr James.
Between January and March, it was noted 125 complaints were received about the Service Desk Team. Clients accused them of being rude and unresponsive.
Grading - Minor
Corrective Action due: Within 12 months.
Report 3 - Auditor: Mr James.
Of the 40 customer orders received last month, 38 were correctly processed. Of the remaining 2, one was missing a signature and one was missing a date.
Grading -
Corrections due: Within 3 weeks
Report 4 - Auditor: Mr Rogers.
Of the 30 personnel records examined, 26 were found to be fully completed whilst the remaining 4 were all missing the individual's start date.
Grading - Major
Corrections due: Within 1 week
Which four of the options demonstrate the concerns you would have about these reports?

• A.I would be concerned that the auditors focussed only on information security processes
• B.I would be concerned because action taken to address a major nonconformity should always be completed sooner than action taken to address minor nonconformities
• C.I would have a concern that one auditor appeared to be conducting most of the internal audits
• D.I would be concerned that timing for addressing the nonconformities is significantly different in the four reports
• E.I would be concerned that no grading is recorded for Report 3. This could indicate that the auditor did not complete the report correctly or that they failed to make a determination as to severity
• F.I would be concerned as to whether criteria for grading nonconformities are in existence in this organisation
• G.I would be concerned as to whether the auditors understand the difference between corrections and corrective actions
• H.I would have a concern that no nonconformity review was conducted

Comment: *

Name: *

Email: *

Verification: *

Which three of the following work documents are not required for audit planning by an auditor conducting a certification audit?

• A.An audit plan
• B.A sample plan
• C.An organisation's financial statement
• D.A checklist
• E.A career history of the IT manager
• F.A list of external providers

Comment: *

Name: *

Email: *

Verification: *

Which option below about the ISMS scope is correct?

• A.ISMS scope should be available as documented information
• B.ISMS scope should ensure continual improvement
• C.ISMS scope should be compatible with the strategic orientation of the organization

Comment: *

Name: *

Email: *

Verification: *