Specifically, the candidate should understand:
The scope and purpose of ISO/IEC 27001 and how it can be used.
The key terms and definitions used in ISO/IEC 27001.
The fundamental requirements for an ISMS in ISO/IEC 27001 and the need for continual improvement.
The processes, their objectives and high-level requirements.
Applicability and scope definition requirements.
Use of controls to mitigate IS risks.
The purpose of internal audits and external certification audits, their operation and the associated terminology.
This qualification is aimed at those who are:
Working to implement or maintain an ISMS within an organization.
Required to audit an ISMS and to have a basic understanding of the standard.
Working within an organization with an ISMS, whether the organization is already certified or is considering certification to ISO/IEC 27001.
To help organizations establish and maintain an information security management system (ISMS).
Type: 50 multiple-choice questions (MCQ)
Duration: 50 minutes
Open Book: No
Pass Score: 25/50