UnixTime

Research Note

EXAM-019 - Remote Working and Event Reporting

- Remote working is broader than VPN or remote access. - Remote work controls include physical environment, endpoint, secure connection, access, asset inventory, user awareness,...

On this page

Memory cues

Control Cue
A.6.7 Remote Working Remote work needs location, device, data, access, and behavior controls
A.6.8 Information Security Event Reporting Suspected events must be easy and timely to report

What the exam is likely testing

  • Remote working is broader than VPN or remote access.
  • Remote work controls include physical environment, endpoint, secure connection, access, asset inventory, user awareness, and non-work use.
  • Remote access should be limited to information needed for the authorized task.
  • Event reporting includes observed or suspected events, not only confirmed incidents.
  • “No events reported” does not prove the reporting process works.
  • Users should not exploit or probe weaknesses to prove them.
  • Event reporting feeds event assessment, incident response, lessons learned, and external notification decisions.

Quick distinction

Question A.6.7 A.6.8
Main concern Protecting information outside organization premises Getting suspected events reported quickly
Main evidence Remote work register, risk assessment, device/security controls Reporting procedure, channels, forms, event register
Main trap Treating VPN as the whole control Treating reporting as full incident response
Related A.5 controls Access, assets, classification, transfer Incident assessment, response, learning

Practical mentor takeaway

Last-day cue

A.6.7 protects information when work leaves the office. A.6.8 makes sure suspicious events get reported before damage grows.

  • Iso27001
  • Exam
  • People controls
  • Remote working
  • Event reporting

Note Metadata

Aliases: A.6.7 A.6.8 exam cues

Source: 09-Exam-Preparation/EXAM-019-Remote-Working-and-Event-Reporting.md