ISO 28000:2007 is an ISO standard published by the International Organization for Standardization which specifies the requirements of a security management system, particularly dealing with security assurance in the supply chain. The standard was developed by ISO/TC 8 on "Ships and maritime technology" and published in 2007.
Security management system for supply chain
Information security management system
Business continuity management system
Safety management systems
Plan Do Correct Acknowledge
Plan Define Check Act
Plan Do Check Act
Please Do and Check Accordingly
Any possible intentional action
Process of verifying the trustworthiness of people
Likelihood of a security threat materializing and the consequences
All of the above
Always Every Year
At planned Intervals
Prior to Certification audit
As per management availability
Physical failure threats and risks
Operational threats and risks
Stakeholder threats and risks
All of the above
Security failure
Preventive action
Corrective action
Correction
Identification of security threats
Determination of the risks associated with the identified security threats
Indication of the level of the risks related to each security threat and whether or not they are tolerable
All of the above.
One or several corrective actions
One or several corrections
Corrective actions and preventive actions
None of the above
Means by which a security management objective is achieved
Overall intentions and direction of an organization
Global security risks
Security achievements
A competent internal auditor
Downstream Vendor
Upstream Vendor
All of the above
Provide the framework which enables the specific security management objectives, targets and programmes to be produced.
Be consistent with the organization’s overall security threat and risk management framework.
Include a commitment to continual improvement of the security management process.
Be documented, implemented and maintained;
All of the above
Consistent with commitment to supplier evaluation ratings
One-time activity
Communicated to Regulatory body
Communicated, documented and reviewed periodically
Approved by Regulatory body
Appointing a member of the top management with overall responsibility
Establish and maintain a structure of roles, responsibilities and authorities
Above two points
Companies to be certified to Information security
Training and competence records
Security inspection reports
Reports of security exercises and drills
All of the above
Trained auditors
Competent personnel
Certification body
None of the above.