Limited Time Offer
15%
Off
Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.
Exam ISO-IEC-27001-Lead-Auditor Topic 2 Question 134 Discussion
Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 134
Topic #: 2
Question #: 134
Topic #: 2
You are an audit team leader conducting a third-party surveillance audit of a telecom services provider. You have assigned responsibility for auditing the organisation's information security objectives to a junior member of your audit team. Before they begin their assessment, you ask them the following question to check their understanding of the requirements of ISO/IEC 27001:2022.
Which four of the following criteria must Information security objectives fulfil?
Which four of the following criteria must Information security objectives fulfil?
Suggested Answer: A,B,G,H Vote an answer
According to ISO/IEC 27001:2022, clause 6.2, information security objectives are the specific results that an organisation intends to achieve with its information security management system (ISMS). The standard specifies that information security objectives must fulfil the following criteria:
* They must be communicated appropriately (A): The organisation must ensure that the relevant internal and external parties are informed about the information security objectives and their roles and responsibilities in achieving them. This can help to create awareness, commitment, and accountability for information security. This criterion is related to clause 6.2.2 of ISO/IEC 27001:2022.
* They must be available as documented information (B): The organisation must maintain and retain documented information on the information security objectives, including their scope, level, indicators, and time frame. This can help to provide evidence, traceability, and consistency for information security. This criterion is related to clause 6.2.1 of ISO/IEC 27001:2022.
* They must be consistent with the IS Policy (G): The organisation must ensure that the information security objectives are aligned with the information security policy, which is the top-level statement of the organisation's intentions and direction for information security. This can help to support the strategic objectives and the context of the organisation. This criterion is related to clause 5.2 of ISO/IEC
27001:2022.
* They must be achievable (H): The organisation must ensure that the information security objectives are realistic and attainable, considering the available resources, capabilities, and constraints. This can help to avoid setting unrealistic or unfeasible expectations and to monitor and measure the progress and performance of information security. This criterion is related to clause 6.2.1 of ISO/IEC 27001:2022.
References:
* ISO/IEC 27001:2022, Information technology - Security techniques - Information security management systems - Requirements1
* PECB Candidate Handbook ISO/IEC 27001 Lead Auditor2
* ISO 27001:2022 Lead Auditor - PECB3
* ISO 27001:2022 certified ISMS lead auditor - Jisc4
* ISO/IEC 27001:2022 Lead Auditor Transition Training Course5
* ISO 27001 - Information Security Lead Auditor Course - PwC Training Academy6
* They must be communicated appropriately (A): The organisation must ensure that the relevant internal and external parties are informed about the information security objectives and their roles and responsibilities in achieving them. This can help to create awareness, commitment, and accountability for information security. This criterion is related to clause 6.2.2 of ISO/IEC 27001:2022.
* They must be available as documented information (B): The organisation must maintain and retain documented information on the information security objectives, including their scope, level, indicators, and time frame. This can help to provide evidence, traceability, and consistency for information security. This criterion is related to clause 6.2.1 of ISO/IEC 27001:2022.
* They must be consistent with the IS Policy (G): The organisation must ensure that the information security objectives are aligned with the information security policy, which is the top-level statement of the organisation's intentions and direction for information security. This can help to support the strategic objectives and the context of the organisation. This criterion is related to clause 5.2 of ISO/IEC
27001:2022.
* They must be achievable (H): The organisation must ensure that the information security objectives are realistic and attainable, considering the available resources, capabilities, and constraints. This can help to avoid setting unrealistic or unfeasible expectations and to monitor and measure the progress and performance of information security. This criterion is related to clause 6.2.1 of ISO/IEC 27001:2022.
References:
* ISO/IEC 27001:2022, Information technology - Security techniques - Information security management systems - Requirements1
* PECB Candidate Handbook ISO/IEC 27001 Lead Auditor2
* ISO 27001:2022 Lead Auditor - PECB3
* ISO 27001:2022 certified ISMS lead auditor - Jisc4
* ISO/IEC 27001:2022 Lead Auditor Transition Training Course5
* ISO 27001 - Information Security Lead Auditor Course - PwC Training Academy6
by Luther at Jun 02, 2024, 06:19 PM
Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.
RECENT DISCUSSIONS
- Exam L4M6 Topic 1 Question 93 Discussion
- Exam CAD Topic 4 Question 32 Discussion
- Exam ISO-IEC-27001-Lead-Implementer Topic 1 Question 184 Discussion
- Exam 300-745 Topic 1 Question 69 Discussion
- Exam NPPE Topic 4 Question 204 Discussion
- Exam Professional-Cloud-Database-Engineer Topic 13 Question 134 Discussion
- Exam HPE6-A86 Topic 1 Question 94 Discussion
Contact Us
From Monday to Saturday
Support: Contact now
If you have any question please leave me your email address, we will reply and send email to you in 12 hours.
Copyright © 2026 Actual4test NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy
Disclaimer:
Actual4test doesn't offer Real SANS and GIAC Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
Actual4test material do not contain actual actual Oracle Exam Questions or material.
Actual4test doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
Actual4test Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Actual4test does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Actual4test does not own or claim any ownership on any of the brands.
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).