Based on ISO/IEC 27001, what areas within the organization require establishing rules, procedures, and
agreements for information transfer?
You have just started working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?
The purpose of control 5.9 Inventory of information and other associated assets of ISO/IEC 27001 is to
identify the organization's information and other associated assets in order to preserve their information security
and assign ownership. Which of the following actions does NOT fulfill this purpose?
Responsibilities for information security in projects should be defined and allocated to:
Scenario 8: SunDee is a biopharmaceutical firm headquartered in California, US. Renowned for its pioneering
work in the field of human therapeutics, SunDee places a strong emphasis on addressing critical healthcare
concerns, particularly in the domains of cardiovascular diseases, oncology, bone health, and inflammation.
SunDee has demonstrated its commitment to data security and integrity by maintaining an effective
information security management system (ISMS) based on ISO/IEC 27001 for the past two years.
In preparation for the recertification audit, SunDee conducted an internal audit. The company's top
management appointed Alex, who has actively managed the Compliance Department's day-to-day operations for the last six months, as the internal auditor. With this dual role assignment, Alex is tasked with conducting
an audit that ensures compliance and provides valuable recommendations to improve operational efficiency.
During the internal audit, a few nonconformities were identified. To address them comprehensively, the
company created action plans for each nonconformity, working closely with the audit team leader.
SunDee's senior management conducted a comprehensive review of the ISMS to evaluate its appropriateness,
sufficiency, and efficiency. This was integrated into their regular management meetings. Essential documents,
including audit reports, action plans, and review outcomes, were distributed to all members before the
meeting. The agenda covered the status of previous review actions, changes affecting the ISMS, feedback,
stakeholder inputs, and opportunities for improvement. Decisions and actions targeting ISMS improvements
were made, with a significant role played by the ISMS coordinator and the internal audit team in preparing
follow-up action plans, which were then approved by top management.
In response to the review outcomes, SunDee promptly implemented corrective actions, strengthening its
information security measures. Additionally, dashboard tools were introduced to provide a high-level
overview of key performance indicators essential for monitoring the organization's information security
management. These indicators included metrics on security incidents, their costs, system vulnerability tests,
nonconformity detection, and resolution times, facilitating effective recording, reporting, and tracking of
monitoring activities. Furthermore, SunDee embarked on a comprehensive measurement process to assess the
progress and outcomes of ongoing projects, implementing extensive measures across all processes. The top
management determined that the individual responsible for the information, aside from owning the data that
contributes to the measures, would also be designated accountable for executing these measurement activities.
Based on the scenario above, answer the following question:
Based on scenario 8, which of the following dashboards did SunDee utilize?
© Copyrights FreePDFQuestions 2026. All Rights Reserved