Exam ISO-IEC-27001-Lead-Auditor Topic 1 Question 303 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 303
Topic #: 1
As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an organisational measure to protect laptop computers. What is the first step in a structured approach to come up with this measure?

Suggested Answer: C Vote an answer

An organisational measure is a measure that involves the establishment of policies, procedures, roles, responsibilities, and structures to manage information security within an organization. Examples of organisational measures include security policies, awareness programs, risk assessments, audits, and incident response plans. A policy is a statement of intent or direction that provides guidance for decision making and actions within an organization. A policy defines the scope, objectives, principles, and roles for information security management. Therefore, formulating a policy is the first step in a structured approach to come up with an organisational measure to protect laptop computers. Reference: ISO/IEC 27000:2022, clause 3.47; ISO/IEC 27001:2022, clause 5.2.

by Marlon at Jun 22, 2026, 03:17 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어