Management decided to accept the residual risk of an audit finding and not take the recommended actions.
The internal audit team believes the acceptance is inappropriate and has discussed the situation with
executive management. After this discussion, there is still disagreement regarding the decision. Which of
the following is the BEST course of action by internal audit?
An IS auditor should be concerned when a telecommunication analyst:
Who should be responsible for network security operations?
Machines that operate as a closed system can NEVER be eavesdropped.
When conducting a review of security incident management, an IS auditor found there are no defined escalation processes All Incidents are managed by the service desk Which ol the following should be the auditor's PRIMARY concern?
