2.
Where would you find R-cubed’s Information Security objectives?
3.
As part of our ISO27001 certification, we have to assess a number of information security risks and make sure we have plans in place to manage them. How many risks have we assessed?
4.
We have a suite of policies and procedures relating to how we look after data at R-cubed. You know the ones - you’ve read them all and keep yourself up to date with any changes to the policies. Where would you find them?
5.
Our information security policy is based on three principles, whose initials happen to be C, I and A. What does CIA stand for?
6.
ISO27001 details a number of controls we must have in place to keep out certification. How many are there?
7.
Who is the lead Data Protection Officer in the business?
8.
What are the chances that the external auditor will ask to talk you about your understanding of our Information Security Management System?