
PECB Exam ISO-IEC-27001-Lead-Auditor Topic 1 Question 49 Discussion

Actual exam question for PECB's ISO/IEC 27001 Lead Auditor exam
Question #: 49
Topic #: 1

As an auditor, you have noticed that ABC Inc. has established a procedure to manage the removable storage media. The procedure is based on the classification scheme adopted by ABC Inc. Thus, if the information stored is classified as "confidential," the procedure applies. On the other hand, the information that is classified as "public" does not have confidentiality requirements; thus, only a procedure for ensuring its integrity and availability applies. What type of audit finding is this?

Suggested Answer: C

This scenario represents a conformity because ABC Inc. has implemented procedures for managing removable storage media that align with the classification scheme of the information stored. When information is classified as 'confidential,' more stringent procedures apply, whereas for 'public' information, the procedures focus only on integrity and availability, following the organization's defined information classification policy.


Contribute your Thoughts:

Jamika
21 days ago
I believe it could also be considered a nonconformity finding, as there may be a lack of confidentiality requirements for certain information.
upvoted 0 times
...
Sage
21 days ago
What kind of company has 'public' information that doesn't need to be managed? Sounds like they're asking for trouble. I'd go with nonconformity on this one.
upvoted 0 times
...
Carlene
24 days ago
Hmm, I'm not so sure. If the company doesn't have any requirements for public information, then maybe this is just an anomaly rather than a nonconformity. It depends on the specific policies and procedures.
upvoted 0 times
...
Lawanda
24 days ago
I agree with Bulah, it seems to be a conformity finding based on the procedure matching the classification scheme.
upvoted 0 times
...
Mozell
24 days ago
I agree, this is definitely a nonconformity. The company's own classification scheme is not being consistently applied, which is a control issue.
upvoted 0 times
Tamekia
5 days ago
User 3: Nonconformity
upvoted 0 times
...
Cecily
12 days ago
User 2: The company's own classification scheme is not being consistently applied, which is a control issue.
upvoted 0 times
...
Lashawna
13 days ago
User 1: I agree, this is definitely a nonconformity.
upvoted 0 times
...
...
Murray
1 month ago
This seems like a clear case of a nonconformity. The company has established a procedure for managing confidential information, but it doesn't apply to public information. That's a gap in their policy.
upvoted 0 times
Kathrine
3 days ago
B) Anomaly
upvoted 0 times
...
Peggie
5 days ago
User 3: It's important for them to have consistent procedures in place.
upvoted 0 times
...
Makeda
5 days ago
User 2: I agree, they need to ensure all information is managed properly.
upvoted 0 times
...
Kirk
15 days ago
I agree, it definitely seems like a nonconformity. They need to ensure their procedure covers all types of information.
upvoted 0 times
...
Leanna
17 days ago
A) Nonconformity
upvoted 0 times
...
Cassi
19 days ago
User 1: This is definitely a nonconformity.
upvoted 0 times
...
...
Bulah
1 month ago
I think this is a conformity finding.
upvoted 0 times
...
