Which controls are related to the Annex A controls of ISO/IEC 27001 and are often selected from other guides and standards or defined by the organization to meet its specific needs?
Specific controls are tailored security controls chosen based on risk assessments, industry best practices, and regulatory requirements. These align with ISO/IEC 27001:2022 Annex A controls, which organizations select based on their risk landscape.
The question is literally the definition of the general control (yes, on the basis of the literature).
Even more, specific controls are "automatic controls in a specific information system".
So it's answer A.
ISO/IEC 27001 Annex A provides a comprehensive list of information security controls. However, it's not a prescriptive "must-do" list. Organizations are required to conduct a risk assessment and then select the controls from Annex A (and potentially other sources) that are relevant to their specific risks and operational environment.
"Specific controls" refers to these chosen controls that are tailored to the organization's unique needs, often drawing from various sources beyond just Annex A, or even defining new controls as necessary.