PrepAway - Latest Free Exam Questions & Answers

An IS auditor reviewing the risk assessment process of an organization should FIRST:

A. identify the reasonable threats to the information assets.

B. analyze the technical and organizational vulnerabilities.

C. identify and rank the information assets.

D. evaluate the effect of a potential security breach.

Explanation:

Identification and ranking of information assets (e.g., data criticality, locations of assets) will set the
tone or scope of how to assess risk in relation to the organizational value of the asset. Second, the
threats facing each of the organization’s assets should be analyzed according to their value to the
organization. Third, weaknesses should be identified so that controls can be evaluated to
determine if they mitigate the weaknesses. Fourth, analyze how these weaknesses, in the absence of
given controls, would impact the organization’s information assets.

