ISO-IEC-27001-Lead-Implementer Exam Dumps : PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam

ISO/IEC 27002:2022 Clause 5.17 – Information Security in Project Management, and Clause 5.2 – Roles and Responsibilities, support role flexibility provided responsibilities are clear and documented.

Thesame groupcan assume multiple roles, provided:

The roles are defined

Competency is proven

There is no conflict of interest

It’s acceptable and sometimes encouraged for an established, competent committee like the ISC to assume emergency roles during incidents, enhancing response efficiency.

 Risk modification is one of the four risk treatment options defined by ISO/IEC 27001, which involves applying controls to reduce the likelihood and/or impact of the risk. By requiring its employees to change their email passwords at least once every 60 days, Company A has implemented a risk modification option to reduce the risk of unauthorized access to its email accounts. Changing passwords frequently can make it harder for attackers to guess or crack the passwords, and can limit the damage if a password is compromised.

The other three risk treatment options are:

Risk avoidance: This option involves eliminating the risk source or discontinuing the activity that causes the risk. For example, Company A could avoid the risk of email compromise by not using email at all, but this would also mean losing the benefits of email communication.

Risk retention: This option involves accepting the risk and its consequences, either because the risk is too low to justify any treatment, or because the cost of treatment is too high compared to the potential loss. For example, Company A could retain the risk of email compromise by not implementing any security measures, but this would expose the company to potential breaches and reputational damage.

Risk transfer: This option involves sharing or transferring the risk to a third party, such as an insurer, a supplier, or a partner. For example, Company A could transfer the risk of emailcompromise by outsourcing its email service to a cloud provider, who would be responsible for the security and availability of the email accounts.

According to ISO/IEC 27006:2015, the prerequisites for a certification audit are:

The ISMS must be operational for a period of time that is sufficient to demonstrate its effectiveness and performance.

The organization must have conducted at least one internal audit and one management review of the ISMS prior to the certification audit.

The organization must provide the certification body with access to all the relevant documented information, records, personnel, and facilities related to the ISMS.

In the scenario, NetworkFuse has fulfilled these prerequisites, as it has had an operational ISMS for approximately two years, and it has performed internal audits and management reviews. Therefore, the correct answer is B.