In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation?

Time constraints and expanded needs have been found by an IS auditor to be the root causes for recent violations of corporate data definition standards in a new business intelligence project.

After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?

The FIRST step in managing the risk of a cyber-attack is to:

Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits vulnerability in a protocol?

The PRIMARY objective of performing a postincident review is that it presents an opportunity to:

The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditors GREATEST concern should be that the users might:

The MAIN criterion for determining the severity level of a service disruption incident is:

Which of the following would be an indicator of the effectiveness of a computer security incident response team?

An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if: