CISA Quiz - Week1

Response

Correction

Detection

Monitoring

IS department.

security committee.

security administrator.

board of directors.

this lack of knowledge may lead to unintentional disclosure of sensitive information.

information security is not critical to all functions.

IS audit should provide security training to the employees.

the audit finding will cause management to provide continuous training to staff.

outsourcing the IS function.

implementing and enforcing good processes.

hiring personnel willing to make a career within the organization.

meeting user requirements.

they are distributed and available to all staff.

security and control policies support business and IT objectives.

there is a published organizational chart with functional descriptions.

duties are appropriately segregated.

User management coordination does not exist.

Specific user accountability cannot be established.

Unauthorized users may have access to originate, modify or delete data.

Audit recommendations may not be implemented.

are developed for the organization as a whole.

are more likely to be derived as a result of a risk assessment.

will not conflict with overall corporate policy.

ensure consistency across the organization.

an assessment of the fit of the organization's application portfolio with business objectives.

actions to reduce hardware procurement cost.

a listing of approved suppliers of IT contract resources.

a description of the technical architecture for the organization's network perimeter security.

establishment of a review board.

creation of a security unit.

effective support of an executive sponsor.

selection of a security process owner.

incorporates state of the art technology.

addresses the required operational controls.

articulates the IT mission and vision.

specifies project management practices.