ISO 28000 - The Supply Chain Quiz

18 Questions | Attempts: 87
SettingsSettingsSettings
Please wait...
Create your own Quiz
ISO 28000 - The Supply Chain Quiz - Quiz

ISO 28000:2007 is an ISO standard published by International Organization for Standardization which includes requirements of a security management system particularly dealing with security assurance in the supply chain. The standard was developed by ISO/TC 8 on "Ships and maritime technology" and published in 2007

Questions and Answers
  • 1. 
    Outline 5 agenda points that would be discussed during Management review meeting
  • 2. 
    Outline 3 key steps involved in managing a security incident? 
  • 3. 
    State 4 mandatory procedures required in ISO 28000? 
  • 4. 
    The standard ISO 28000 specifies the requirement for:
    • A. 

      Security management system for supply chain

    • B. 

      Information security management system

    • C. 

      Business continuity management system

    • D. 

      Safety management systems

  • 5. 
    PDCA Refers to
    • A. 

      Plan Do Correct Acknowledge

    • B. 

      Plan Define Check Act

    • C. 

      Plan Do Check Act

    • D. 

      Please Do and Check Accordingly

  • 6. 
    Risk is defined as
    • A. 

      Any possible intentional action

    • B. 

      Process of verifying the trustworthiness of people

    • C. 

      Likelihood of a security threat materializing and the consequences

    • D. 

      All of the above

  • 7. 
    As per the ISO 28000 standard internal audit shall be conducted?
    • A. 

      Always Every Year

    • B. 

      At planned Intervals

    • C. 

      Prior to Certification audit

    • D. 

      As per management availability

  • 8. 
    According to ISO 28000, security risk assessment shall consider risks due to:
    • A. 

      Physical failure threats and risks

    • B. 

      Operational threats and risks

    • C. 

      Stakeholder threats and risks

    • D. 

      All of the above

  • 9. 
    Action to eliminate the cause of a nonconformity and to prevent recurrence" is called:
    • A. 

      Security failure

    • B. 

      Preventive action

    • C. 

      Corrective action

    • D. 

      Correction

  • 10. 
    The documented procedure for security risk assessment include
    • A. 

      Identification of security threats

    • B. 

      Determination of the risks associated with the identified security threats

    • C. 

      Indication of the level of the risks related to each security threat and whether they are or are not, tolerable

    • D. 

      All of the above.

  • 11. 
    To address the root cause(s) of a nonconformity the company will implement
    • A. 

      One or several corrective actions

    • B. 

      One or several corrections

    • C. 

      Corrective actions and preventive actions

    • D. 

      None of the above

  • 12. 
    Security management programmes is
    • A. 

      Means by which a security management objective is achieved

    • B. 

      Overall intentions and direction of an organization

    • C. 

      Global security risks

    • D. 

      Security achievements

  • 13. 
    To be a first party internal auditor a person has to be
    • A. 

      A competent internal auditor

    • B. 

      Down stream Vendor

    • C. 

      Upstream Vendor

    • D. 

      All of the above

  • 14. 
    ISO 28000:2007 requires that the security policy:
    • A. 

      Provide the framework which, enables the specific security management objectives, targets and programmes to be produced.

    • B. 

      Be consistent with the organization’s overall security threat and risk management framework.

    • C. 

      Include a commitment to continual improvement of the security management process.

    • D. 

      Be documented, implemented and maintained;

    • E. 

      All of the above

  • 15. 
    According to ISO 28000, Security management objectives shall be
    • A. 

      Consistent with commitment to supplier evaluation ratings

    • B. 

      One-time activity

    • C. 

      Communicated to Regulatory body

    • D. 

      Communicated, documented and reviewed periodically

    • E. 

      Approved by Regulatory body

  • 16. 
    ISO 28000 section 4.4.1 requires organization to:
    • A. 

      Appointing a member of the top management with overall responsibility

    • B. 

      Establish and maintain a structure of roles, responsibilities and authorities

    • C. 

      Above two points

    • D. 

      Companies to be certified to Information security

  • 17. 
    In accordance with ISO 28000, which of the following requires records to be retained by the organization?
    • A. 

      Training and competence records

    • B. 

      Security inspection reports

    • C. 

      Reports of security exercises and drills

    • D. 

      All of the above

  • 18. 
    Internal audit must be conducted by:
    • A. 

      Trained auditors

    • B. 

      Competent personnel

    • C. 

      Certification body

    • D. 

      None of the above.

Related Topics

Featured Quizzes

Music Taste Quiz: What Is My Music Taste? Music Taste Quiz: What Is My Music Taste?
Harry Potter House Quiz: Which Harry Potter Hogwarts House Do You Belong To? Harry Potter House Quiz: Which Harry Potter Hogwarts House Do You Belong To?
Quiz: Do I have a crush on him? Quiz: Do I have a crush on him?
What Kind of Valentine Are You Quiz! What Kind of Valentine Are You Quiz!
Science Quiz For Class 8th Students Science Quiz For Class 8th Students
Will You Have a Valentine This Year? Quiz Will You Have a Valentine This Year? Quiz

Popular Topics

+ Show more
Back to Top Back to top
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.