which level of ranking in the information security governance maturity model?
In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT
security risk and impact analysis is consistently performed. This represents which level of ranking
in the information security governance maturity model?
To aid management in achieving IT and business alignment, an IS auditor should recommend the use of:
To aid management in achieving IT and business alignment, an IS auditor should recommend the
use of:
When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:
When developing a formal enterprise security program, the MOST critical success factor (CSF)
would be the:
When reviewing an organization’s strategic IT plan an IS auditor should expect to find:
When reviewing an organization’s strategic IT plan an IS auditor should expect to find:
The advantage of a bottom-up approach to the development of organizational policies is that the policies:
The advantage of a bottom-up approach to the development of organizational policies is that the
policies:
Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and syste
Which of the following is the GREATEST risk of an inadequate policy definition for ownership of
data and systems?
The PRIMARY objective of an audit of IT security policies is to ensure that:
The PRIMARY objective of an audit of IT security policies is to ensure that:
The rate of change in technology increases the importance of:
The rate of change in technology increases the importance of:
The IS auditor should conclude that:
An IS auditor finds that not all employees are aware of the enterprise’s information security policy.
The IS auditor should conclude that: