PrepAway - Latest Free Exam Questions & Answers

An IS auditor reviewing the risk assessment process of …

An IS auditor reviewing the risk assessment process of an organization should FIRST:

A. identify the reasonable threats to the information assets.

B. analyze the technical and organizational vulnerabilities.

C. identify and rank the information assets.

D. evaluate the effect of a potential security breach.

Explanation:
Identification and ranking of information assets (e.g., data criticality, locations of assets) will set the
tone or scope of how to assess risk in relation to the organizational value of the asset. Second, the
threats facing each of the organization's assets should be analyzed according to their value to the
organization. Third, weaknesses should be identified so that controls can be evaluated to determine
if they mitigate the weaknesses. Fourth, analyze how these weaknesses, in the absence of given
controls, would impact the organization's information assets.

