UnixTime

Domain guide

What this domain covers

Study notes and control distinction cues for ISO 27001, ISO 27002, and ISO 27005 learning paths.

41 resources

Guide + resources

Grouped resources

Guide notes

Implementation context, reference notes, and explanatory material.

1 item
Framework note 03 mins read

ISO 27001 Clauses 4-10 vs Annex A

1. Clauses 4-10 — mandatory ISMS management-system requirements. 2. Annex A controls — a reference set of information security controls used for risk treatment and the Statement...

ISO27001 ISO27002 iso27001 isms

Controls

Control-level notes and control-domain references.

1 item

Exam prep

Study notes and distinction cues for certification preparation.

39 items
Research note 02 mins read

EXAM-016 - People Controls: Screening and Employment Terms

- Screening must be lawful, ethical, proportional, and risk-based. - Screening applies to employees, contractors, temporary staff, and third-party users in ISMS scope. - Candida...

ISO27001 ISO27002 exam iso27001
Research note 01 min read

EXAM-017 - Awareness, Education and Training

A.6.3 Information Security Awareness Education and Training asks whether the right people receive the right security knowledge at the right time, with updates when things change.

ISO27001 exam iso27001 people-controls
Research note 01 min read

EXAM-018 - Disciplinary, Termination, and Confidentiality

- A.6.4 requires a formalized and communicated disciplinary process, not ad hoc manager action. - A.6.4 should be evidence-based, fair, consistent, and proportionate. - A.6.5 co...

ISO27001 exam iso27001 people-controls
Research note 01 min read

EXAM-019 - Remote Working and Event Reporting

- Remote working is broader than VPN or remote access. - Remote work controls include physical environment, endpoint, secure connection, access, asset inventory, user awareness,...

ISO27001 exam iso27001 people-controls
Research note 01 min read

EXAM-020 - Physical Perimeters and Entry

- A.7.1 is about defined and used security perimeters. - A.7.2 is about entry controls and access points for secure areas. - Physical controls protect confidentiality, integrity...

ISO27001 exam iso27001 physical-controls
Research note 01 min read

EXAM-021 - Room Security and Physical Monitoring

- A.7.3 is risk-based physical design for offices, rooms, and facilities. - A.7.3 includes avoiding visible clues to sensitive targets, such as server-room signs or exposed dire...

ISO27001 exam iso27001 physical-controls
Research note 01 min read

EXAM-022 - Environmental Threats, Secure Areas, and Clear Desk

- A.7.5 is not just fire safety; it covers physical and environmental threats to infrastructure. - A.7.5 should link to risk assessment, specialist advice, and business continui...

ISO27001 exam iso27001 physical-controls
Research note 01 min read

EXAM-023 - Equipment Siting and Protection

- A.7.8 is broader than server room protection. - Equipment siting includes workstations, network devices, terminals, screens, communications equipment, and remote equipment. -...

ISO27001 exam iso27001 physical-controls
Research note 01 min read

EXAM-024 - Off-Premises Assets and Storage Media

- A.7.9 is not only remote access. It includes equipment, documents, data, software, paper, mobile devices, BYOD, custody, and return. - A.7.9 allows risk acceptance where off-s...

ISO27001 exam iso27001 physical-controls
Research note 01 min read

EXAM-025 - Supporting Utilities

- A.7.11 is not only electricity. - UPS or generator existence is weak unless capacity, runtime, maintenance, and tests match documented requirements. - Cooling must be included...

ISO27001 exam iso27001 physical-controls
Research note 01 min read

EXAM-026 - Cabling, Maintenance, and Equipment Disposal

- A.7.12 is not just tidy cable management; it covers interception, interference, and damage. - A.7.13 is not only availability; maintenance can expose data or introduce tamperi...

ISO27001 exam iso27001 physical-controls
Research note 01 min read

EXAM-028 - Source Code, Authentication, and Capacity

- A.8.4 includes development tools and software libraries, not only Git repositories. - Read access to source code can still be sensitive because it reveals system design and co...

ISO27001 exam iso27001 technological-controls
Research note 01 min read

EXAM-029 - Malware Protection

- Antivirus installation alone is not enough. - Malware risk is not limited to Windows endpoints. - User awareness is explicitly part of the control. - Automatic cleaning still...

ISO27001 exam iso27001 technological-controls
Research note 01 min read

EXAM-030 - Vulnerability and Configuration Management

- A.8.8 is not just scanning or patching. - Vulnerability remediation should be risk-based and verified by retest. - Penetration testing supplements vulnerability management; it...

ISO27001 exam iso27001 technological-controls
Research note 01 min read

EXAM-031 - Deletion and Data Masking

- A.8.10 is not only physical media destruction. - Retention policy alone is weak without deletion evidence. - Items awaiting destruction still need protection. - Masking is not...

ISO27001 exam iso27001 technological-controls
Research note 01 min read

EXAM-032 - DLP and Backup

- DLP is not just a tool. - DLP requires knowing sensitive data and approved flows. - False positives affect DLP effectiveness. - Backup job success is not restore success. - Ba...

ISO27001 exam iso27001 technological-controls
Research note 01 min read

EXAM-033 - Redundancy and Logging

- A.8.14 does not require full redundancy for every system. - Backup is not the same as redundancy. - Cloud resilience still needs design and testing evidence. - A.8.15 is not o...

ISO27001 exam iso27001 technological-controls
Research note 01 min read

EXAM-034 - Monitoring Activities

- Treating log collection as full monitoring. - Assuming vendor default detection rules are sufficient. - Treating every alert as an incident without triage. - Ignoring monitori...

ISO27001 exam iso27001 monitoring
Research note 01 min read

EXAM-035 - Software Installation and Network Security

- Treating developer skill as a substitute for production change control. - Assuming emergency production changes do not need records. - Treating licence and support checks as u...

ISO27001 exam iso27001 software-installation
Research note 01 min read

EXAM-036 - Network Services, Segregation, and Web Filtering

- Treating provider service use as provider-owned risk. - Treating uptime SLAs as full network service security. - Treating perimeter firewalls as sufficient segregation. - Assu...

ISO27001 exam iso27001 network-services
Research note 01 min read

EXAM-037 - Use of Cryptography

- Assuming encryption alone satisfies the control. - Ignoring key lifecycle management. - Treating public keys and certificates as needing no integrity protection. - Selecting s...

ISO27001 exam iso27001 cryptography
Research note 01 min read

EXAM-038 - Secure Development and Architecture

- Treating secure SDLC as only code scanning. - Treating acquired applications as outside application security requirements. - Treating architecture principles as generic slogan...

ISO27001 exam iso27001 secure-development
Research note 01 min read

EXAM-039 - Secure Coding and Security Testing

- Treating secure SDLC as identical to secure coding. - Treating automated tools as complete proof of secure coding. - Treating functional testing as security testing. - Leaving...

ISO27001 exam iso27001 secure-coding
Research note 01 min read

EXAM-040 - Outsourced Development and Environment Separation

- Assuming a supplier contract alone satisfies outsourced development control. - Treating supplier security as fully delegated. - Accepting supplier deliverables based only on f...

ISO27001 exam iso27001 outsourced-development
Research note 01 min read

EXAM-041 - Change Test Information and Audit Testing

- Treating approval alone as full change management. - Treating emergency changes as exempt from control. - Treating test data as low risk because it is outside production. - Ig...

ISO27001 exam iso27001 change-management
Research note 01 min read

EXAM-014 - Records, Privacy, and PII

These controls are easy to confuse because both involve retained information. The exam distinction is purpose: records protection is about preserving required records; privacy/P...

ISO27001 exam iso27001 privacy
Research note 01 min read

EXAM-015 - Assurance, Compliance, and Operating Procedures

These controls close the A.5 organizational control set by checking whether the ISMS is independently reviewed, whether policies and standards are followed, and whether operatin...

ISO27001 exam iso27001 assurance
Framework note 01 min read

EXAM-001 - Clauses 4-10 vs Annex A

The exam often tests whether you understand the difference between mandatory management-system requirements and risk-selected controls.

ISO27001 ISO27002 exam iso27001
Research note 01 min read

EXAM-002 - Statement of Applicability

The Statement of Applicability explains which Annex A controls apply, which do not, why those decisions were made, and whether selected controls are implemented.

ISO27001 exam iso27001
Research note 01 min read

EXAM-005 - Responsibility vs Accountability

Roles and responsibilities must be defined, communicated, accepted, and kept current. Managers remain accountable for ensuring security requirements are followed in their area.

ISO27001 exam iso27001
Research note 01 min read

EXAM-008 - Supplier and Cloud Control Distinctions

Supplier and cloud controls overlap in practice, but the exam often tests the distinction between supplier risk management, contractual requirements, supply chain dependencies,...

ISO27001 exam iso27001
Research note 01 min read

EXAM-010 - Incident Management Planning

Incident management planning defines roles, reporting paths, escalation, communications, evidence handling, recovery coordination, and lessons learned before an incident occurs.

ISO27001 exam iso27001
Research note 01 min read

EXAM-011 - Incident Management Lifecycle

A.5.24 to A.5.28 form a practical lifecycle for incident management. Each control tests a different part of the lifecycle.

ISO27001 exam iso27001 incident-management
Research note 01 min read

EXAM-012 - Continuity Security and ICT Readiness

A.5.29 and A.5.30 are related but not interchangeable. One protects security during disruption; the other ensures ICT availability and recovery capability.

ISO27001 exam iso27001 continuity
Research note 01 min read

EXAM-013 - Legal, IP, and Contractual Compliance

These controls are compliance-heavy. The exam may test whether the organization can prove obligations are known, current, owned, mapped to controls, and evidenced.

ISO27001 exam iso27001 compliance

Deep links

Link to this domain with /research/iso27001/exam-preparation/ . Link directly to exact notes from any resource card above.