Questão Q730436

Atenção: Para responder à questão considere as Normas NBR ISO/IEC 27001:2013 e 27002:2013.

Concerning the objectives of asset management, one of them is to

Alternativas

protect the organization’s interests as part of the process of changing.

ensure that information receives an appropriate level of protection in accordance with its importance to the organization.

ensure authorized user access and to prevent unauthorized access to systems and services.

ensure that employees and collaborators understand their responsibilities and are suitable for the roles of the organization.

make users accountable for safeguarding their authentication information.

Comentários

b) ensure that information receives an appropriate level of protection in accordance with its importance to the organization.
A.8 Gestão de ativos
A.8.2 Classificação da informação
Objetivo: Assegurar que a informação receba um nível adequado de proteção, de acordo com a sua importância para a organização.

FONTE: NBR ISO/IEC 27001:2013
ISO 27002:2013 recommends that information security controls address information security control objectives which arise from risks to the confidentiality, integrity and availability of information. Organizations that adopt ISO/IEC 27002 assess their own information risks, make their control objectives clear and apply suitable controls (or indeed other forms of risk handling) using the norms for guidance.

https://www.iso27001security.com/html/27002.html

SóProvas