PECB Lead Implementer (ISO/IEC 27001) — Question 86

An organization has adopted a new authentication method to ensure secure access to sensitive areas and facilities of the company. It requires every employee to use two-factor authentication (password and QR code). This control has been implemented; however, its use has not been communicated to employees. What is the level of maturity of this control?

Answer options

Correct answer: B

Explanation

The correct answer is B, Defined, as the control is established but lacks communication to employees, indicating it is not fully integrated into the organization's processes. Option A, Optimized, suggests a higher level of maturity where the control is continuously improved and well communicated. Option C, Managed, implies that the control is in place and monitored, but without the necessary communication, the control cannot be considered to have reached that level.