PECB Lead Implementer (ISO/IEC 27001) — Question 26

An organization wants to enable the correlation and analysis of security-related events and other recorded data and to support investigations into information security incidents. Which control should it implement?

Answer options

• A. Use of privileged utility programs
• B. Clock synchronization
• C. Installation of software on operational systems

Correct answer: B

Explanation

The correct answer is B, as clock synchronization ensures that all systems have the same time reference, which is crucial for accurately correlating and analyzing security events. Options A and C do not directly support the correlation and analysis of security-related events, making them less relevant for the organization's needs.