Which of the following is MOST critical for the successful implementation and maintenance of a
security policy?

A comprehensive and effective e-mail policy should address the issues of e-mail structure, policy
enforcement, monitoring and:

In an organization where an IT security baseline has been defined, an IS auditor should FIRST ensure:

To ensure an organization is complying with privacy requirements, an IS auditor should FIRST review:

A top-down approach to the development of operational policies will help ensure:

Which of the following would MOST likely indicate that a customer data warehouse should remain
in-house rather than be outsourced to an offshore operation?

A retail outlet has introduced radio frequency identification (RFID) tags to create unique serial
numbers for all products. Which of the following is the PRIMARY concern associated with this
initiative?

When developing a security architecture, which of the following steps should be executed FIRST?

An IS auditor finds that, in accordance with IS policy, IDs of terminated users are deactivated within
90 days of termination. The IS auditor should:

An IS auditor is reviewing a project to implement a payment system between a parent bank and a
subsidiary. The IS auditor should FIRST verify that the: