Memory cues
| Control | Cue |
|---|---|
| A.6.7 Remote Working | Remote work needs location, device, data, access, and behavior controls |
| A.6.8 Information Security Event Reporting | Suspected events must be easy and timely to report |
What the exam is likely testing
- Remote working is broader than VPN or remote access.
- Remote work controls include physical environment, endpoint, secure connection, access, asset inventory, user awareness, and non-work use.
- Remote access should be limited to information needed for the authorized task.
- Event reporting includes observed or suspected events, not only confirmed incidents.
- “No events reported” does not prove the reporting process works.
- Users should not exploit or probe weaknesses to prove them.
- Event reporting feeds event assessment, incident response, lessons learned, and external notification decisions.
Quick distinction
| Question | A.6.7 | A.6.8 |
|---|---|---|
| Main concern | Protecting information outside organization premises | Getting suspected events reported quickly |
| Main evidence | Remote work register, risk assessment, device/security controls | Reporting procedure, channels, forms, event register |
| Main trap | Treating VPN as the whole control | Treating reporting as full incident response |
| Related A.5 controls | Access, assets, classification, transfer | Incident assessment, response, learning |
Practical mentor takeaway
Last-day cue
A.6.7 protects information when work leaves the office. A.6.8 makes sure suspicious events get reported before damage grows.
- Iso27001
- Exam
- People controls
- Remote working
- Event reporting
Note Metadata
Aliases: A.6.7 A.6.8 exam cues
Source: 09-Exam-Preparation/EXAM-019-Remote-Working-and-Event-Reporting.md