PECB Lead Implementer (ISO/IEC 27001) — Question 52

What should an organization allocate to ensure the maintenance and improvement of the information security management system?

Answer options

• A. The appropriate transfer to operations
• B. Sufficient resources, such as the budget, qualified personnel, and required tools
• C. The documented information required by ISO/IEC 27001

Correct answer: B

Explanation

The correct answer, B, emphasizes the need for adequate resources, including budget, qualified personnel, and tools, which are essential for maintaining and improving an information security management system. Option A is incorrect because transferring operations does not relate to the necessary resources for maintenance and improvement. Option C, while important for compliance, does not address the broader resource allocation required for effective management.