An organization plans to launch a social media presence as part of a new customer service campaign.
Which of the following is the MOST significant risk from the perspective of potential litigation?

• A.The policy stating what employees can post on the organization's behalf is unclear.
• B.Access to corporate-sponsored social media accounts requires only single-factor authentication.
• C.Approved employees can use personal devices to post on the company's behalf.
• D.There is a lack of clear procedures for responding to customers on social media outlets.

Comment: *

Name: *

Email: *

Verification: *

To help ensure the organization s information assets are adequately protected, which of the following considerations is MOST important when developing an information classification and handling policy?

• A.The policy specifies requirements to safeguard information assets based on their importance to the organization
• B.The policy is subject to periodic reviews to ensure its provisions are up to date
• C.The policy has been mapped against industry frameworks for classifying information assets.
• D.The policy is owned by the head of information security, who has the authority to enforce the policy.

Comment: *

Name: *

Email: *

Verification: *

To BEST determine if a project is successfully addressing business requirements while managing the associated risk, which of the following should an IS auditor expect to find at each significant milestone?

• A.Post-implementation review with affected parties
• B.A revised business impact and risk analysis
• C.Formal acceptance by appropriate stakeholders
• D.Comprehensive end user acceptance testing

Comment: *

Name: *

Email: *

Verification: *

An IS auditor doing penetration testing during an audit of internet connections would:

• A.evaluate configurations.
• B.examine security settings.
• C.ensure virus-scanning software is in use.
• D.use tools and techniques available to a hacker.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to verify when implementing an organization's information security program?

• A.The security program is adequately funded in the budget.
• B.The security program has been benchmarked to industry standards.
• C.The organization's security strategy is documented and approved.
• D.The IT department has developed and implemented training programs.

Comment: *

Name: *

Email: *

Verification: *