To support an organization’s goals, an IS department should have:

Which of the following is normally a responsibility of the chief security officer (CSO)?

Which of the following is a risk of cross-training?

Which of the following is the BEST performance criterion for evaluating the adequacy of an organization’s
security awareness training?

To gain an understanding of the effectiveness of an organization’s planning and management of investments in
IT assets, an IS auditor should review the:

Which of the following activities performed by a database administrator (DBA) should be performed by a
different person?

Which of the following reduces the potential impact of social engineering attacks?

An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:

When segregation of duties concerns exist between IT support staff and end users, what would be a suitable
compensating control?

An IS auditor should be concerned when a telecommunication analyst: