.What is the first step in a business process re-engineering project?

• A.Identifying current business processes
• B.Forming a BPR steering committee
• C.Defining the scope of areas to be reviewed
• D.Reviewing the organizational strategic plan

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be of MOST concern to an IS auditor reviewing the information systems acquisition development and implementation process?

• A.There is no process tor post-implementation approval of emergency changes.
• B.Data owners are not darned on the use of data conversion tools
• C.System deployment is routinely performed by contractors
• D.There is no system documentation available for review

Comment: *

Name: *

Email: *

Verification: *

While reviewing an organization s business continuity plan (BCP) an IS auditor observes that a recently developed application is not included. The IS auditor should:

• A.ensure that the criticality of the application is determined
• B.ignore the observation as the application is not mission critical.
• C.include m the audit findings that the BCP is incomplete
• D.recommend that the application b# incorporated in the BCP.

Comment: *

Name: *

Email: *

Verification: *

During a post-incident review of a security breach, what type of analysis should an IS auditor expect to be performed by the organization's information security team?

• A.Gap analysis
• B.Business impact analysis (BIA)
• C.Qualitative risk analysis
• D.Root cause analysis

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be an IS auditor's GREATEST concern when reviewing an organization s security controls for policy compliance?

• A.Security policy documents are available on a public domain website.
• B.Security policies are not uniformly applicable across the organization
• C.Buy-in from system owners to support the policies is inadequate
• D.End users are not required to acknowledge security policy training.

Comment: *

Name: *

Email: *

Verification: *