PrepAway - Latest Free Exam Questions & Answers

The PRIMARY objective of an audit of IT security policies is to ensure that:

The PRIMARY objective of an audit of IT security policies is to ensure that:

PrepAway - Latest Free Exam Questions & Answers

A.
they are distributed and available to all staff.

B.
security and control policies support business and IT objectives.

C.
there is a published organizational chart with functional descriptions.

D.
duties are appropriately segregated.

Explanation:

Business orientation should be the main theme in implementing security. Hence, an IS audit of IT
security policies should primarily focus on whether the IT and related security and control policies
support business and IT objectives. Reviewing whether policies are available to all is an objective,
but distribution does not ensure compliance. Availability of organizational charts with functional
descriptions and segregation of duties might be included in the review, but are not the primary
objective of an audit of security policies.


Leave a Reply