PECB Exam ISO-IEC-27001-Lead-Implementer Topic 4 Question 35 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam

Question #: 35
Topic #: 4

What is the greatest risk for an organization if no information security policy has been defined?

AIf everyone works with the same account, it is impossible to find out who worked on what.

BInformation security activities are carried out by only a few people.

CToo many measures are implemented.

DIt is not possible for an organization to implement information security in a consistent manner.

Show Suggested Answer

Suggested Answer: D

by Beatriz at May 09, 2024, 09:29 PM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

5 months ago

I still think D covers it all. Without consistency, all the risks can multiply.

upvoted 0 times

...

5 months ago

True, but B could also be a problem. If only a few handle security, it's not effective.

upvoted 0 times

...

6 months ago

I agree with D seems more comprehensive. Without a policy, everything could be chaotic.

upvoted 0 times

...

6 months ago

Makes sense, but what about A? If everyone uses the same account, isn't that a big risk too?

upvoted 0 times

...

6 months ago

Yeah, I think it's D for sure. Consistency is key, right?

upvoted 0 times

...

6 months ago

Hey, did you see the question about the greatest risk for an organization without an info security policy?

upvoted 0 times

...