PECB Lead Implementer (ISO/IEC 27001) — Question 12

Which situation described in scenario 1 represents a threat to HealthGenic?

Answer options

• A. HealthGenic did not train its personnel to use the software
• B. The software company modified information related to HealthGenic’s patients
• C. HealthGenic used a web-based medical software for storing patients' confidential information

Correct answer: B

Explanation

The correct answer is B because modifying patient information can lead to data breaches and compromise patient privacy, which is a serious threat. Option A is incorrect as lack of training does not directly represent a threat, and option C, while concerning, does not inherently indicate a threat unless there are additional factors like security issues.