In assessing the degree to which an organization may be affected by new privacy legislation, information secur
In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:
Once an organization has finished the business process reengineering (BPR) of all its critical operations, an
Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:
Which of the following controls should be implemented in the EDI interface to provide for efficient data mappi
A company has recently upgraded its purchase system to incorporate EDI transmissions. Which of the following controls should be implemented in the EDI interface to provide for efficient data mapping?
The MOST appropriate owner of customer data stored in a central database, used only by an organization’s
The MOST appropriate owner of customer data stored in a central database, used only by an organization’s sales department, would be the:
To determine the selection of controls required to meet business objectives, an information security manager s
To determine the selection of controls required to meet business objectives, an information security manager should:
The initial validation process would MOST likely:
An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:
An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to re
An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the:
When two or more systems are integrated, input/output controls must be reviewed by an IS auditor in the:
When two or more systems are integrated, input/output controls must be reviewed by an IS auditor in the:
Which of the following would be the MOST relevant factor when defining the information classification policy?
Which of the following would be the MOST relevant factor when defining the information classification policy?
The PRIMARY reason for initiating a policy exception process is when:
The PRIMARY reason for initiating a policy exception process is when: