Socket Inc. has implemented a control for the effective use of cryptography and cryptographic key management. Is this compliant with ISO/IEC 27001? Refer to scenario 3.
The answer here is B: "B. Yes, the control for the effective use of the cryptography can include cryptographic key management." Notes: Cryptography is a Preventative control. Clause 8.2 Use of Cryptography: To ensure proper and effective use of cryptography to protect the confidentiality, authenticity or integrity of information according to business and information security requirements and taking into consideration legal, statutory, regulatory and contractual requirements related to cryptography. Should have a topic-specific policy for cryptography which includes rules for key management (d).
Oops - Looks like I picked the wrong checkbox :-)
Annex A.8.24 of ISO/IEC 27001 speaks to the "Use of cryptography" and highlights the following deliverables:
- Cryptographic Policy
- Key Management
- Legal and regulatory compliance
The scenario makes mention of the regulatory, legislative, key management and the company implementing a rule for the effective use of cryptography (policy). This checks all the boxes, making B the answer.