PrepAway - Latest Free Exam Questions & Answers

An IS auditor evaluating logical access controls should FIRST:

An IS auditor evaluating logical access controls should FIRST:

PrepAway - Latest Free Exam Questions & Answers

A.
document the controls applied to the potential access paths to the system.

B.
test controls over the access paths to determine if they are functional.

C.
evaluate the security environment in relation to written policies and practices

D.
obtain an understanding of the security risks to information processing.

Explanation:

When evaluating logical access controls, an IS auditor should first obtain an understanding of the
security risks facing information processing by reviewing relevant documentation, by inquiries, and
by conducting a risk assessment. Documentation andevaluation is the second step in assessing
the adequacy, efficiency and effectiveness, thus identifying deficiencies or redundancy in controls.
The third step is to test the access paths-to determine if the controls are functioning. Lastly, thelS
auditor evaluates the security environment to assess its adequacy by reviewing the written
policies, observing practices and comparing them to appropriate security best practices.


Leave a Reply