Comprehensive and Detailed Explanation:
According to ISO/IEC 27035-1:2016 and ISO/IEC 27001:2022, when defining the scope of an information security incident management system, organizations must consider all forms of information—whether digital or physical—that are relevant to the business. Incidents can affect hardcopy (e.g., paper-based records) and electronic data (e.g., emails, files), so both must be included in the scope assessment.
Reference:
ISO/IEC 27001:2022, Clause 4.3: “The scope shall consider interfaces and dependencies between activities performed by the organization and those that are outsourced.”
ISO/IEC 27035-1:2016, Clause 4.2.1: “Information in all formats—including printed or written—should be protected.”
Correct answer: C