The PRIMARY benefit of implementing a security program as part of a security governance framework is the:

An IS auditor who is reviewing incident reports discovers that, in one instance, an important document left on an employees desk was removed and put in the garbage by the outsourced cleaning staff. Which of the following should the IS auditor recommend to management?

During an audit, an IS auditor notices that the IT department of a medium-sized organization has no separate risk management function, and the organizations operational risk documentation only contains a few broadly described IT risks. What is the MOST appropriate recommendation in this situation?

The IT balanced scorecard is a business governance tool intended to monitor IT performance evaluation indicators other than:

Before implementing an IT balanced scorecard, an organization must:

Which of the following is the PRIMARY objective of an IT performance measurement process?

When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST establish that:

Documentation of a business case used in an IT development project should be retained until:

Which of the following risks could result from inadequate software baselining?

The most common reason for the failure of information systems to meet the needs of users is that: