ISMS Introduction Puzzle

2. The organization shall evaluate the information security performance and the _______ of the ISMS
5. Need to demonstrate leadership and commitment with respect to the ISMS
6. In the risk treatment process, this document must be produced before formulating an information security treatment plan
10. A potential cause of an unwanted incident, which may result in harm to a system or organization
11. Combination of the probability of an event and its consequences
13. The organization shall determine interested parties that are relevant to the ISMS and the requirements of these interested parties relevant to information security. the above statement is described under Clause x.x Understanding the needs and ______________of interested parties.
15. The organization shall continually improve the __________________, adequacy and effectiveness of the ISMS.

1. Contains the control objectives and controls to help in the information security risk treatment process
3. Ensuring that information is accessible only to those authorized to access
4. Excluding any of the requirements specified in Clause 4 to 10 is not acceptable when an organization claims ______to this International Standard
7. The organization shall ensure that the information security risk assessments produce consistent, valid and ________ results.
8. Is conducted at planned intervals to ensure the suitability, adequacy and effectiveness of ISMS
9. Shall be conducted by the organization at planned intervals to provide information on whether the ISMS conforms to the organization’s own requirements for its ISMS and the requirements of the ISO27001 standards.
12. The organization shall determine the boundaries and applicability of the ISMS to establish its
14. Documented information of external _______, determined by the organization to be necessary for the planning and operation of the ISMS, shall be identified as appropriate, and controlled