ISO 28000 - The Supply Chain Quiz

18 Questions | Total Attempts: 26


ISO 28000:2007 is an ISO standard published by the International Organization for Standardization which specifies the requirements of a security management system, particularly dealing with security assurance in the supply chain. The standard was developed by ISO/TC 8 on "Ships and maritime technology" and published in 2007.


Questions and Answers
  • 1. Outline 5 agenda points that would be discussed during a management review meeting.
  • 2. Outline 3 key steps involved in managing a security incident.
  • 3. State 4 mandatory procedures required in ISO 28000.
  • 4. The standard ISO 28000 specifies the requirements for:
    • A. Security management system for supply chain
    • B. Information security management system
    • C. Business continuity management system
    • D. Safety management systems
  • 5. PDCA refers to:
    • A. Plan Do Correct Acknowledge
    • B. Plan Define Check Act
    • C. Plan Do Check Act
    • D. Please Do and Check Accordingly
  • 6. Risk is defined as:
    • A. Any possible intentional action
    • B. Process of verifying the trustworthiness of people
    • C. Likelihood of a security threat materializing and the consequences
    • D. All of the above
  • 7. As per the ISO 28000 standard, internal audit shall be conducted:
    • A. Always every year
    • B. At planned intervals
    • C. Prior to certification audit
    • D. As per management availability
  • 8. According to ISO 28000, security risk assessment shall consider risks due to:
    • A. Physical failure threats and risks
    • B. Operational threats and risks
    • C. Stakeholder threats and risks
    • D. All of the above
  • 9. "Action to eliminate the cause of a nonconformity and to prevent recurrence" is called:
    • A. Security failure
    • B. Preventive action
    • C. Corrective action
    • D. Correction
  • 10. The documented procedure for security risk assessment includes:
    • A. Identification of security threats
    • B. Determination of the risks associated with the identified security threats
    • C. Indication of the level of the risks related to each security threat and whether they are, or are not, tolerable
    • D. All of the above
  • 11. To address the root cause(s) of a nonconformity, the company will implement:
    • A. One or several corrective actions
    • B. One or several corrections
    • C. Corrective actions and preventive actions
    • D. None of the above
  • 12. A security management programme is:
    • A. Means by which a security management objective is achieved
    • B. Overall intentions and direction of an organization
    • C. Global security risks
    • D. Security achievements
  • 13. To be a first-party internal auditor, a person has to be:
    • A. A competent internal auditor
    • B. Downstream vendor
    • C. Upstream vendor
    • D. All of the above
  • 14. ISO 28000:2007 requires that the security policy:
    • A. Provide the framework which enables the specific security management objectives, targets and programmes to be produced
    • B. Be consistent with the organization's overall security threat and risk management framework
    • C. Include a commitment to continual improvement of the security management process
    • D. Be documented, implemented and maintained
    • E. All of the above
  • 15. According to ISO 28000, security management objectives shall be:
    • A. Consistent with commitment to supplier evaluation ratings
    • B. One-time activity
    • C. Communicated to regulatory body
    • D. Communicated, documented and reviewed periodically
    • E. Approved by regulatory body
  • 16. ISO 28000 section 4.4.1 requires the organization to:
    • A. Appoint a member of the top management with overall responsibility
    • B. Establish and maintain a structure of roles, responsibilities and authorities
    • C. Above two points
    • D. Be certified to information security
  • 17. In accordance with ISO 28000, which of the following requires records to be retained by the organization?
    • A. Training and competence records
    • B. Security inspection reports
    • C. Reports of security exercises and drills
    • D. All of the above
  • 18. Internal audit must be conducted by:
    • A. Trained auditors
    • B. Competent personnel
    • C. Certification body
    • D. None of the above
