ISACA Exam Questions

Which of the following IS processes provide indirect information?

Each correct answer represents a complete solution. Choose three.

A. Post-implementation reviews of program changes

B. Security log monitoring

C. Problem management

D. Recovery testing

Explanation:

Security log monitoring, post-implementation reviews of program changes, and problem
management provide indirect information. Security log monitoring provides indirect information
about certain controls in the security environment, particularly when used to analyze the source of
failed access attempts.
Post-implementation reviews of program changes provide indirect information about the
effectiveness of internal controls over the development process.
Problem management provides indirect information about the effectiveness of several different IS
processes that may ultimately be determined to be the source of incidents.
Answer D is incorrect. Recovery testing is direct evidence that the redundancy or backup
controls work effectively. It doesn’t provide any indirect information.