An IS auditor has been assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine FIRST?

When an organization is outsourcing their information security function, which of the following should be kept in the organization?

To minimize costs and improve service levels an outsourcer should seek which of the following contract clauses?

An IS auditor should expect which of the following items to be included in the request for proposal (RFP) when IS is procuring services from an independent service provider (ISP)?

When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor?

The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?

What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks?

When installing an intrusion detection system (IDS), which of the following is MOST important?

Regarding a disaster recovery plan, the role of an IS auditor should include:

A lower recovery time objective (RTO) results in: