When developing a risk management program, what is the FIRST activity to be performed?

Which of the following is a mechanism for mitigating risks?

An IS auditor was hired to review e-business security. The IS auditor’s first task was to examine each existing e-business application looking for vulnerabilities. What would be the next task?

The output of the risk management process is an input for making:

The risks associated with electronic evidence gathering would MOST likely be reduced by an e- mail:

Which of the following is the MOST important IS audit consideration when an organization outsources a customer credit review system to a third-party service provider? The provider:

An organization has outsourced its help desk activities. An IS auditor’s GREATEST concern when reviewing the contract and associated service level agreement (SLA) between the organization and vendor should be the provisions for:

Which of the following is the BEST information source for management to use as an aid in the identification of assets that are subject to laws and regulations?

While conducting an audit of a service provider, an IS auditor observes that the service provider has outsourced a part of the work to another provider. Since the work involves confidential information, the IS auditor’s PRIMARY concern shouldbe that the:

With respect to the outsourcing of IT services, which of the following conditions should be of GREATEST concern to an IS auditor?