PECB ISO/IEC 27001 Lead Implementer Lead Implementer Exam Questions in PDF

HealthGenic is a Swedish pharmaceutical company that specializes in developing human therapeutics. The development process of human therapeutics requires analyzing the medical history of many patients. As the company handles sensitive information of millions of patients, an information security management system (ISMS) was critical to ensure the protection of their assets and improve their information security.
HealthGenic has had an ISMS in place for the past two years. Once the ISMS was implemented, HealthGenic changed its approach from correcting to preventing information security incidents. Since no issues were faced during the last two years, the top management of HealthGenic decided not to conduct a management review, nor did they appoint a team to perform the internal audits as planned. In addition, the IT team totally neglected the regular monitoring and measurement and performance evaluation processes.
Just before the recertification audit, the company asked most of their staff to compile the written individual reports of the past two years. This left the production sector with less than the optimum workforce, which decreased the company's stock.
Emma, HealthGenic's information security officer, was assigned by the top management to conduct the internal audit. As an employee of the company, Emma had access to all offices and documentation of HealthGenic. With hundreds of report pages written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever. Emma concluded that HealthGenic must have a better plan on monitoring the progress of their ISMS. In addition, she concluded that monitoring and measurement, performance evaluation, and management reviews should be conducted at planned intervals. She defined SunDee's negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations.
Hide Case Study

HealthGenic is a Swedish pharmaceutical company that specializes in developing human therapeutics. The development process of human therapeutics requires analyzing the medical history of many patients. As the company handles sensitive information of millions of patients, an information security management system (ISMS) was critical to ensure the protection of their assets and improve their information security.
HealthGenic has had an ISMS in place for the past two years. Once the ISMS was implemented, HealthGenic changed its approach from correcting to preventing information security incidents. Since no issues were faced during the last two years, the top management of HealthGenic decided not to conduct a management review, nor did they appoint a team to perform the internal audits as planned. In addition, the IT team totally neglected the regular monitoring and measurement and performance evaluation processes.
Just before the recertification audit, the company asked most of their staff to compile the written individual reports of the past two years. This left the production sector with less than the optimum workforce, which decreased the company's stock.
Emma, HealthGenic's information security officer, was assigned by the top management to conduct the internal audit. As an employee of the company, Emma had access to all offices and documentation of HealthGenic. With hundreds of report pages written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever. Emma concluded that HealthGenic must have a better plan on monitoring the progress of their ISMS. In addition, she concluded that monitoring and measurement, performance evaluation, and management reviews should be conducted at planned intervals. She defined SunDee's negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations.
Hide Case Study

HealthGenic is a Swedish pharmaceutical company that specializes in developing human therapeutics. The development process of human therapeutics requires analyzing the medical history of many patients. As the company handles sensitive information of millions of patients, an information security management system (ISMS) was critical to ensure the protection of their assets and improve their information security.
HealthGenic has had an ISMS in place for the past two years. Once the ISMS was implemented, HealthGenic changed its approach from correcting to preventing information security incidents. Since no issues were faced during the last two years, the top management of HealthGenic decided not to conduct a management review, nor did they appoint a team to perform the internal audits as planned. In addition, the IT team totally neglected the regular monitoring and measurement and performance evaluation processes.
Just before the recertification audit, the company asked most of their staff to compile the written individual reports of the past two years. This left the production sector with less than the optimum workforce, which decreased the company's stock.
Emma, HealthGenic's information security officer, was assigned by the top management to conduct the internal audit. As an employee of the company, Emma had access to all offices and documentation of HealthGenic. With hundreds of report pages written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever. Emma concluded that HealthGenic must have a better plan on monitoring the progress of their ISMS. In addition, she concluded that monitoring and measurement, performance evaluation, and management reviews should be conducted at planned intervals. She defined SunDee's negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations.
Hide Case Study

Texas H&H Inc. is a multinational corporation headquartered in Boston, MA, which provides professional electronics, gaming, and entertainment services. The company decided to utilize cloud storage services which best suited its needs, due to the large amount of data that the company processes daily. Recently, Texas H&H Inc. learned that the cloud storage provider that it uses has been publicly compromised.
Being aware of the high risk of data exposure, the security administrators of Texas H&H Inc. decided to undertake actions that could prevent a potential attack. In the absence of an information security incident management policy, their response was based on their knowledge gained from previous incidents. They tested their systems for any malicious activity or violation and checked if the cloud-based email settings were changed. By quickly responding to the exploited vulnerability that was found, the team was able to prevent the attack.
Once they made sure that the attackers do not have access in their system, the security administrators decided to proceed with the forensic analysis. They concluded that their access security system was not designed for threat detection, including the detection of malicious files which could be the cause of possible future attacks
Based on these findings, Texas H&H Inc. decided to modify its access security system to avoid future incidents and integrate an incident management policy in their information security policy that could serve as guidance for employees on how to respond to similar incidents.
Hide Case Study

Texas H&H Inc. is a multinational corporation headquartered in Boston, MA, which provides professional electronics, gaming, and entertainment services. The company decided to utilize cloud storage services which best suited its needs, due to the large amount of data that the company processes daily. Recently, Texas H&H Inc. learned that the cloud storage provider that it uses has been publicly compromised.
Being aware of the high risk of data exposure, the security administrators of Texas H&H Inc. decided to undertake actions that could prevent a potential attack. In the absence of an information security incident management policy, their response was based on their knowledge gained from previous incidents. They tested their systems for any malicious activity or violation and checked if the cloud-based email settings were changed. By quickly responding to the exploited vulnerability that was found, the team was able to prevent the attack.
Once they made sure that the attackers do not have access in their system, the security administrators decided to proceed with the forensic analysis. They concluded that their access security system was not designed for threat detection, including the detection of malicious files which could be the cause of possible future attacks
Based on these findings, Texas H&H Inc. decided to modify its access security system to avoid future incidents and integrate an incident management policy in their information security policy that could serve as guidance for employees on how to respond to similar incidents.
Hide Case Study