Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
What type of control is being implemented by supervisors and data owners?

• A.Administrative
• B.Technical
• C.Operational
• D.Management

Comment: *

Name: *

Email: *

Verification: *

An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator. The most appropriate course of action for the IT auditor is to:

• A.Inform senior management of the risk involved.
• B.Develop a computer assisted audit technique to detect instances of abuses of the arrangement.
• C.Review the system log for each of the late night shifts to determine whether any irregular actions occurred.
• D.Agree to work with the security officer on these shifts as a form of preventative control.

Comment: *

Name: *

Email: *

Verification: *

Risk appetite is typically determined by which of the following organizational functions?

• A.Board of Directors
• B.Business units
• C.Audit and compliance
• D.Security

Comment: *

Name: *

Email: *

Verification: *

When selecting a security solution with reoccurring maintenance costs after the first year, the CISO should: (choose the BEST answer)

• A.The CISO should cut other essential programs to ensure the new solution's continued use
• B.Implement the solution and ask for the increased operating cost budget when it is time
• C.Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution's continued use
• D.Defer selection until the market improves and cash flow is positive

Comment: *

Name: *

Email: *

Verification: *

Why is it vitally important that senior management endorse a security policy?

• A.So that external bodies will recognize the organizations commitment to security.
• B.So that they can be held legally accountable.
• C.So that employees will follow the policy directives.
• D.So that they will accept ownership for security within the organization.

Comment: *

Name: *

Email: *

Verification: *