PECB Lead Implementer (ISO/IEC 27001) — Question 36

An organization has adopted a new authentication method to ensure secure access to sensitive areas and facilities of the company. It requires every employee to use two-factor authentication (password and QR code). This control has been documented, standardized, and communicated to all employees; however, its use has been left to individual initiative, and it is likely that failures can be detected. Which level of maturity does this control refer to?

Answer options

Correct answer: B

Explanation

The correct answer is B, Defined, because the control has been documented and standardized, indicating that the organization has established a clear method for implementation. Options A, Optimized, and C, Quantitatively managed, imply higher levels of maturity where processes are continuously improved or measured quantitatively, which is not the case here as the control's usage is still dependent on individual initiative.