Which of the following should be the MOST important consideration when deciding areas of priority for IT
governance implementation?

As a driver of IT governance, transparency of IT’s cost, value and risks is primarily achieved through:

Which of the following should be considered FIRST when implementing a risk management program?

An IS auditor is reviewing an IT security risk management program. Measures of security risk should:

An IS auditor reviewing the risk assessment process of an organization should FIRST:

A poor choice of passwords and transmission over unprotected communications lines are examples of:

To address the risk of operations staff’s failure to perform the daily backup, management requires that the
systems administrator sign off on the daily backup. This is an example of risk:

Assessing IT risks is BEST achieved by:

Which of the following does a lack of adequate security controls represent?

A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk.
To evaluate the potential losses, the team should: