PECB Lead Implementer (ISO/IEC 27001) — Question 27
The incident management process of an organization enables it to prepare for and respond to information security incidents. In addition, the organization has procedures in place for assessing information security events. According to ISO/IEC 27001, what else must an incident management process include?
Answer options
- A. Processes for using knowledge gained from information security incidents
- B. Establishment of two information security incident response teams
- C. Processes for handling information security incidents of suppliers as defined in their agreements
Correct answer: A
Explanation
The correct answer is A because ISO/IEC 27001 emphasizes the importance of learning from past incidents to improve future responses. Options B and C are not mandated by the standard; while having incident response teams and handling supplier incidents may be beneficial, they are not explicitly required components of the incident management process as defined by ISO/IEC 27001.