Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
An IT audit is being performed and includes an assessment of the company's governance model. Which of the following findings raises the highest concern?
The organization's information security policy is not periodically reviewed by senior management.
A policy to validate that systems are patched in a timely manner does not exist.
An organizational policy and procedure related to malware protection does not exist.
The audit committee did not review or approve the global mission statement.
A. Data security policies should be reviewed/refreshed once every year to reflect changes in the organization's environment. Policies are fundamental to the organization's governance structure, and therefore this is the greatest concern. B. While it is a concern that there is no policy related to system patching, the greater concern is that the information security policy is not reviewed periodically by senior management. C. Mission statements tend to be long term because they are strategic in nature and are established by the board of directors and management. This is not the IS auditor's greatest concern because proper governance oversight could lead to meeting the objectives of the organization's mission statement. D. While it is a concern that there is no policy related to malware protection, the greater concern is that the security policy is not reviewed periodically by senior management.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.