Based on scenario 3, which information security control of Annex A of ISO/IEC 27001 did Socket Inc. implement by establishing a new system to maintain, collect, and analyze information related to information security threats?
An organization documented each security control that it implemented by describing their functions in detail. Is this compliant with ISO/IEC 27001?
Which security controls must be implemented to comply with ISO/IEC 27001?
What is the main purpose of Annex A 7.1 Physical security perimeters of ISO/IEC 27001?
An organization wants to enable the correlation and analysis of security-related events and other recorded data and to support investigations into information security incidents. Which control should it implement?
Scenario 1: HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using a web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients’ data and medical history, and communicate with all the involved parties, including parents, other physicians, and the medical laboratory staff.Last month, HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software. Another issue the company faced while using the software was the complicated user interface, which the untrained personnel found challenging to use.The top management of HealthGenic immediately informed the company that had developed the software about the issue. The software company fixed the issue; however, in the process of doing so, it modified some files that comprised sensitive information related to HealthGenic’s patients. The modifications that were made resulted in incomplete and incorrect medical reports and, more importantly, invaded the patients’ privacy.Based on the scenario above, answer the following question:Which of the following indicates that the confidentiality of information was compromised?
