ISO 27001 Past Exam Questions
Updated 2023-03-16
ISO 27001 past exam questions: ISO 27001 exam questions in essay style
EXAM PREPARATION GUIDE
PECB Certified ISO/IEC 27001 Lead Auditor
PECB-820-2 ISO/IEC 27001 LA Exam Preparation Guide
Page 2 of 16
The objective of the “Certified ISO/IEC 27001 Lead Auditor” examination is to ensure that the
candidate has the knowledge and the skills to plan and perform an Information Security
Management System (ISMS) audit compliant with the ISO/IEC 27001:2013 standard, to master
audit principles and techniques, and to manage (or be part of) audit teams and audit programs.
The target population for this examination is:
- Auditors wanting to perform and lead an Information Security Management System (ISMS) audit as the person responsible for an audit team
- Project managers or consultants wanting to master the Information Security Management System audit process
- Persons responsible for information security or conformity in an organization
- Members of an information security team
- Expert advisors in information technology
- Technical experts wanting to prepare for an information security audit function
The exam content covers the following domains:
Domain 1: Fundamental principles and concepts of information security (IS)
Domain 2: Information Security Management System (ISMS)
Domain 3: Fundamental audit concepts and principles
Domain 4: Preparation of an ISO/IEC 27001 audit
Domain 5: Conduct of an ISO/IEC 27001 audit
Domain 6: Closing an ISO/IEC 27001 audit
Domain 7: Managing an ISO/IEC 27001 audit program
The content of the exam is divided as follows:
Domain 1: Fundamental Principles and Concepts in Information Security
Main objective: To ensure that the ISO/IEC 27001 Lead Auditor candidate can understand,
interpret and illustrate the main information security concepts related to an Information Security
Management System (ISMS).
Competencies
1. Understand and explain the operations of the ISO organization and the development of information security standards.
2. Ability to identify, analyze and evaluate the information security compliance requirements for an organization.
3. Ability to explain and illustrate the main concepts in information security and information security risk management.
4. Ability to distinguish and explain the difference between information asset, data and record.
5. Understand, interpret and illustrate the relationship between the concepts of asset, vulnerability, threat, impact and controls.
Knowledge statements
1. Knowledge of the application of the eight ISO management principles to information security.
2. Knowledge of the main standards in information security.
3. Knowledge of the different sources of information security requirements for an organization: laws, regulations, international and industry standards, contracts, market practices, internal policies.
4. Knowledge of the main information security concepts and terminology as described in ISO 27000.
5. Knowledge of the concept of risk and its application in information security.
6. Knowledge of the relationship between the concepts of asset, vulnerability, threat, impact and controls.
7. Knowledge of the difference and characteristics of security objectives and controls.
8. Knowledge of the difference between preventive, detective and corrective controls and their characteristics.
Domain 2: Information Security Management System (ISMS)
Main objective: To ensure that the ISO/IEC 27001 Lead Auditor candidate can understand,
interpret and illustrate the main concepts and components of an Information Security
Management System based on ISO/IEC 27001.
Competencies
1. Understand and explain the components of an Information Security Management System based on ISO/IEC 27001 and its principal processes.
2. Ability to interpret and analyze ISO/IEC 27001 requirements.
3. Understand, explain and illustrate the main steps to establish, implement, operate, monitor, review, maintain and improve an organization's ISMS.
4. Ability to formulate security objectives and select the appropriate controls based upon Annex A of ISO/IEC 27001.
Knowledge statements
1. Knowledge of the concepts, principles and terminology related to management systems and the "Plan-Do-Check-Act" (PDCA) model.
2. Knowledge of the principal characteristics of an integrated management system.
3. Knowledge of the main advantages of a certification for an organization.
4. Knowledge of the ISO/IEC 27001 requirements presented in clauses 4 to 8.
5. Knowledge of the main steps to establish the ISMS and security policies, security objectives, processes and procedures relevant to managing risk and improving information security to deliver results in accordance with an organization's overall policies and objectives (Awareness level).
6. Knowledge of the concept of continual improvement and its application to an ISMS.
7. Knowledge of the structure of Annex A (security objectives and controls).