Which of the following is the GREATEST risk of an inade…
Which of the following is the GREATEST risk of an inadequate policy definition for ownership of
data and systems?
The advantage of a bottom-up approach to the developmen…
The advantage of a bottom-up approach to the development of organizational policies is that the
policies:
When reviewing an organization’s strategic IT plan an I…
When reviewing an organization’s strategic IT plan an IS auditor should expect to find:
When developing a formal enterprise security program, t…
When developing a formal enterprise security program, the MOST critical success factor (CSF)
would be the:
When reviewing the IT strategic planning process, an IS…
When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
To aid management in achieving IT and business alignmen…
To aid management in achieving IT and business alignment, an IS auditor should recommend the
use of:
which level of ranking in the information security gove…
In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT
security risk and impact analysis is consistently performed. This represents which level of ranking
in the information security governance maturity model?
When reviewing IS strategies, an IS auditor can BEST as…
When reviewing IS strategies, an IS auditor can BEST assess whether IS strategy supports the
organizations’ business objectives by determining if IS:
An IS auditor reviewing an organization’s IT strategic …
An IS auditor reviewing an organization’s IT strategic plan should FIRST review:
Which of the following would an IS auditor consider to …
Which of the following would an IS auditor consider to be the MOST important when evaluating an
organization’s IS strategy? That it: