PECB Lead Implementer (ISO/IEC 27001) — Question 22

Based on scenario 3, which information security control of Annex A of ISO/IEC 27001 did Socket Inc. implement by establishing a new system to maintain, collect, and analyze information related to information security threats?

Answer options

• A. Annex A 5.5 Contact with authorities
• B. Annex A 5.7 Threat Intelligence
• C. Annex A 5.13 Labeling of information

Correct answer: B

Explanation

The correct answer is B, Annex A 5.7 Threat Intelligence, because it specifically relates to the collection and analysis of data on security threats. Options A and C do not pertain to the proactive analysis of threats; instead, A focuses on communication with authorities and C concerns the classification of information.