In ISO/IEC 27001, what must organizations define regarding cryptography?

Study for the WGU ITAS 2142 D830 Introduction to Cryptography Exam. Review flashcards and multiple choice questions with hints and explanations. Get ready for your exam!

Multiple Choice

In ISO/IEC 27001, what must organizations define regarding cryptography?

Explanation:
In ISO/IEC 27001, cryptography is managed through policies and controls that are tailored to the organization’s risk. The requirement is to define technical and organizational measures appropriate to the identified risks. This means not just picking a single algorithm or key length, but establishing a formal approach that covers how cryptographic controls are used, who can authorize them, how keys are generated and managed, where encryption is applied, and how those decisions align with data classifications, regulatory requirements, and business needs. The emphasis is on a risk-based framework that guides both the selection and the governance of cryptographic practices, including key management, rather than isolated choices like algorithms, key lengths, or data-at-rest methods alone.
