Vocab 1
ISO Process
What does it all mean?
More Vocab, Johnny
What is it?
100

It has limited scope and is the second and third year of the ISO/IEC 27001:2013 audit.

What is Surveillance?

100

Cyrus One Data Center and City West Office Building

What was the scope of the AMR ISO/IEC 27001: 2013 Audit?

100

ISO abbreviation meaning

What is International Organization of National Standards?

100

Azure AIP and DLP (Data Loss Protection)

What are the two tools / platforms protecting our data that we send?

100

I must attend my Security Awareness training not only because I will learn valuable information on maintaining our SABIC ISMS but also because it will be evidence of this.

What is a security control?

200

Access Matrix, Password Rules, Data Wipe Certificates, awareness training slides

What are examples of evidence for security controls?

200

We would look at this reference to obtain definitions for the standard involved in certifying the ISMS.

What is ISO 27000?

200

To complete or obtain certification on Security Training classes to fulfill this mandatory ISO 27001 clause.

What is the 7.2 Competence clause?

200

What you are in the ISMS.

What is the ISMS Implementation team?

200

The reason we change our windows password every 120 days.

What is security objective and control A.9.2.4, Management of secret authentication information of users?

300

IT uses this to mitigate threats to SABIC Assets.

What is a security control?

300

One is designed to prepare you, and the other is the actual audit.

What are internal and external audits of ISO 27001?

300

Where we can go to find out how long we should keep our system access logs or data wipe certificates.

What is the AMR Data retention policy?

300

We would look at this reference to learn the requirements for the ISMS.

What is ISO 27001?

300

This account should be used for privileged access to systems, but this account should never be used by a person to log in to a system.

What is the difference between a privileged account and a service account?

400

To meet our minimum ISO certifications these should be documented, approved and made available to our IT teams.

What are processes, procedures, work instructions?

400

"Thou Shalt" do these requirements.

What are the mandatory clauses of ISO/IEC 27001: 2013?

400

Managers, System Admins, Developers, Users, Security Incident Response process, Security Policies, computers, servers, firewalls, and company assets.

What are the components of the ISMS?

400

This statement is a part of that policy:

Systems Users must not install any software on Company Information Systems without the prior approval of the Information Technology Organization. Disabling or modifying any Company installed software on Company Computer Information Systems (including, but not limited to security, encryption or filtering software) is prohibited.

What is SABIC Computer Use Policy?

400

The ISMS preserves these 3 elements of our information by applying a risk management process ensuring we are secure.

What is Confidentiality, Integrity, and Availability?

500

Organization that prepares and publishes international standards for all electrical, electronic and related technologies.

What is the IEC of ISO/IEC?

500

The five teams in Scope for AMR 27001 audit.

What are AMR IT, HR, Legal, Procurement, and EHSS?

500

This platform looks at document contents for IP addresses that are sent to non-SABIC email accounts and flags them as a possible violation.

What is DLP (Data Loss Protection)?

500

This tool allows users to protect a document before sending it to others. This is not the same as "classifying" your document.

What is Azure Information Protection (AIP)?

500

The 4 main components within the ISO/IEC 27001: 2013 standard:

1. Mandatory Clauses

2. 14 domains

3. 35 objectives

4. 114 security controls