Controls

Question 1

Security of network services

Answer 1

8.21 #Preventive

Question 2

Data masking

Answer 2

8.11 #Preventive

Question 3

Protection of records

Answer 3

5.33 #Preventive

Question 4

Security of assets off-premises

Answer 4

7.9 #Preventive

Question 5

Security testing in development and acceptance

Answer 5

8.29 #Preventive

Question 6

Segregation of networks

Answer 6

8.22 #Preventive

Question 7

Information security event reporting

Answer 7

6.8 #Detective

Question 8

Contact with authorities

Answer 8

5.5 #Preventive #Corrective

Question 9

Configuration management

Answer 9

8.9 #Preventive

Question 10

Compliance with policies, rules, and standards for information security

Answer 10

5.36 #Preventive

Question 11

Secure development life cycle

Answer 11

8.25 #Preventive

Question 12

Storage media

Answer 12

7.10 #Preventive

Question 13

Information security awareness, education, and training

Answer 13

6.3 #Preventive

Question 14

Remote working

Answer 14

6.7 #Preventive

Question 15

Assessment and decision on information security events

Answer 15

5.25 #Detective

Question 16

Information security for use of cloud services

Answer 16

5.23 #Preventive

Question 17

Installation of software on operational systems

Answer 17

8.19 #Preventive

Question 18

Secure coding

Answer 18

8.28 #Preventive

Question 19

Separation of development, test, and production environments

Answer 19

8.31 #Preventive

Question 20

Use of privileged utility programs

Answer 20

8.18 #Preventive

Question 21

Information security roles and responsibilities

Answer 21

5.2 #Preventive

Question 22

Access rights

Answer 22

5.18 #Preventive

Question 23

Access control

Answer 23

5.15 #Preventive

Question 24

Secure authentication

Answer 24

8.5 #Preventive

Question 25

Physical security perimeters

Answer 25

7.1 #Preventive

Question 26

Protection against malware

Answer 26

8.7 #Preventive #Detective #Corrective

Question 27

Managing information security in the ICT supply chain

Answer 27

5.21 #Preventive

Question 28

Return of assets

Answer 28

5.11 #Preventive

Question 29

Response to information security incidents

Answer 29

5.26 #Corrective

Question 30

Information security in project management

Answer 30

5.8 #Preventive

Question 31

Legal, statutory, regulatory, and contractual requirements

Answer 31

5.31 #Preventive

Question 32

Responsibilities after termination or change of employment

Answer 32

6.5 #Preventive

Question 33

Policies for information security

Answer 33

5.1 #Preventive

Question 34

Screening

Answer 34

6.1 #Preventive

Question 35

Capacity management

Answer 35

8.6 #Preventive #Detective

Question 36

User endpoint devices

Answer 36

8.1 #Preventive

Question 37

Threat intelligence

Answer 37

5.7 #Preventive #Detective #Corrective

Question 38

Independent review of information security

Answer 38

5.35 #Preventive #Corrective

Question 39

Authentication information

Answer 39

5.17 #Preventive

Question 40

Management of technical vulnerabilities

Answer 40

8.8 #Preventive

Question 41

Secure disposal or re-use of equipment

Answer 41

7.14 #Preventive

Question 42

Use of cryptography

Answer 42

8.24 #Preventive

Question 43

Working in secure areas

Answer 43

7.6 #Preventive

Question 44

Collection of evidence

Answer 44

5.28 #Corrective

Question 45

Documented operating procedures

Answer 45

5.37 #Preventive #Corrective

Question 46

Protection of information systems during audit testing

Answer 46

8.34 #Preventive

Question 47

Clear desk and clear screen

Answer 47

7.7 #Preventive

Question 48

Test information

Answer 48

8.33 #Preventive

Question 49

Physical entry

Answer 49

7.2 #Preventive

Question 50

Monitoring, review, and change management of supplier services

Answer 50

5.22 #Preventive

Question 51

Redundancy of information processing facilities

Answer 51

8.14 #Corrective

Question 52

Labelling of information

Answer 52

5.13 #Preventive

Question 53

Network security

Answer 53

8.20 #Preventive #Detective

Question 54

Classification of information

Answer 54

5.12 #Preventive

Question 55

Acceptable use of information and other associated assets

Answer 55

5.10 #Preventive

Question 56

Physical security monitoring

Answer 56

7.4 #Preventive #Detective

Question 57

Confidentiality or non-disclosure agreements

Answer 57

6.6 #Preventive

Question 58

Contact with special interest groups

Answer 58

5.6 #Preventive #Corrective

Question 59

Information backup

Answer 59

8.13 #Corrective

Question 60

Web filtering

Answer 60

8.23 #Preventive

Question 61

Information security incident management planning and preparation

Answer 61

5.24 #Corrective

Question 62

Management responsibilities

Answer 62

5.4 #Preventive

Question 63

Secure system architecture and engineering principles

Answer 63

8.27 #Preventive

Question 64

Addressing information security within supplier agreements

Answer 64

5.20 #Preventive

Question 65

Equipment siting and protection

Answer 65

7.8 #Preventive

Question 66

Application security requirements

Answer 66

8.26 #Preventive

Question 67

Intellectual property rights

Answer 67

5.32 #Preventive

Question 68

Outsourced development

Answer 68

8.30 #Preventive #Detective

Question 69

Learning from information security incidents

Answer 69

5.27 #Preventive

Question 70

Terms and conditions of employment

Answer 70

6.2 #Preventive

Question 71

Data leakage prevention

Answer 71

8.12 #Preventive #D

Question 72

Segregation of duties

Answer 72

5.3 #Preventive

Question 73

Information transfer

Answer 73

5.14 #Preventive

Question 74

Privileged access rights

Answer 74

8.2 #Preventive

Question 75

Information security in supplier relationships

Answer 75

5.19 #Preventive

Question 76

Identity management

Answer 76

5.16 #Preventive

Question 77

Change management

Answer 77

8.32 #Preventive

Question 78

Supporting utilities

Answer 78

7.11 #Preventive #Detective

Question 79

Access to source code

Answer 79

8.4 #Preventive

Question 80

Protecting against physical and environmental threats

Answer 80

7.5 #Preventive

Question 81

Monitoring activities

Answer 81

8.16 #Detective #Corrective

Question 82

Logging

Answer 82

8.15 #Detective

Question 83

Equipment maintenance

Answer 83

7.13 #Preventive

Question 84

ICT readiness for business continuity

Answer 84

5.30 #Corrective

Question 85

Inventory of information and other associated assets

Answer 85

5.9 #Preventive

Question 86

Information access restriction

Answer 86

8.3 #Preventive

Question 87

Information deletion

Answer 87

8.10 #Preventive

Question 88

Clock synchronization

Answer 88

8.17 #Detective

Question 89

Cabling security

Answer 89

7.12 #Preventive

Question 90

Disciplinary process

Answer 90

6.4 #Preventive #Corrective

Question 91

Information security during disruption

Answer 91

5.29 #Preventive #Corrective

Question 92

Securing offices, rooms, and facilities

Answer 92

7.3 #Preventive

Question 93

Privacy and protection of PII

Answer 93

5.34 #Preventive