Comprehensive and Detailed Explanation From Exact Extract ISO/IEC 27002:2022 standards:
Annex A, control 6.8 (Information security event reporting) specifies:
“Information security events should be reported through appropriate management channels as quickly as possible. The organization should require all employees and contractors to note and report any observed or suspected information security events.”
This wording confirms that the required reporting covers“observed or suspected events.”Specific event types like information disclosure (A) or unauthorized access (B) are examples but not the broad requirement. Asset disposal (C) is addressed separately under equipment lifecycle controls (Annex A.7.14).
Therefore, the verified correct answer isD: Observed or suspected events.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit