PECB Exam ISO-IEC-27001-Lead-Auditor Topic 1 Question 49 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 49
Topic #: 1

As an auditor, you have noticed that ABC Inc. has established a procedure to manage the removable storage media. The procedure is based on the classification scheme adopted by ABC Inc. Thus, if the information stored is classified as "confidential," the procedure applies. On the other hand, the information that is classified as "public," does not have confidentiality requirements: thus, only a procedure for ensuring its integrity and availability applies. What type of audit finding is this?

Suggested Answer: C

This scenario represents a conformity because ABC Inc. has implemented procedures for managing removable storage media that align with the classification scheme of the information stored. When information is classified as 'confidential,' more stringent procedures apply, whereas for 'public' information, the procedures focus only on integrity and availability, following the organization's defined information classification policy.


Contribute your Thoughts:

Jamika
2 months ago
I believe it could also be considered a nonconformity finding, as there may be a lack of confidentiality requirements for certain information.
upvoted 0 times
...
Sage
2 months ago
What kind of company has 'public' information that doesn't need to be managed? Sounds like they're asking for trouble. I'd go with nonconformity on this one.
upvoted 0 times
...
Carlene
3 months ago
Hmm, I'm not so sure. If the company doesn't have any requirements for public information, then maybe this is just an anomaly rather than a nonconformity. It depends on the specific policies and procedures.
upvoted 0 times
...
Lawanda
3 months ago
I agree with Bulah, it seems to be a conformity finding based on the procedure matching the classification scheme.
upvoted 0 times
...
Mozell
3 months ago
I agree, this is definitely a nonconformity. The company's own classification scheme is not being consistently applied, which is a control issue.
upvoted 0 times
Ressie
2 months ago
Anomaly
upvoted 0 times
...
Tamekia
2 months ago
Nonconformity
upvoted 0 times
...
Cecily
2 months ago
The company's own classification scheme is not being consistently applied, which is a control issue.
upvoted 0 times
...
Lashawna
2 months ago
I agree, this is definitely a nonconformity.
upvoted 0 times
...
...
Murray
3 months ago
This seems like a clear case of a nonconformity. The company has established a procedure for managing confidential information, but it doesn't apply to public information. That's a gap in their policy.
upvoted 0 times
Zena
2 months ago
Makeda: They should address this gap in their policy to ensure compliance.
upvoted 0 times
...
Kathrine
2 months ago
B) Anomaly
upvoted 0 times
...
Peggie
2 months ago
It's important for them to have consistent procedures in place.
upvoted 0 times
...
Makeda
2 months ago
I agree, they need to ensure all information is managed properly.
upvoted 0 times
...
Kirk
2 months ago
I agree, it definitely seems like a nonconformity. They need to ensure their procedure covers all types of information.
upvoted 0 times
...
Leanna
2 months ago
A) Nonconformity
upvoted 0 times
...
Cassi
2 months ago
This is definitely a nonconformity.
upvoted 0 times
...
...
Bulah
3 months ago
I think this is a conformity finding.
upvoted 0 times
...