Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

• A.User management coordination does not exist.
• B.Specific user accountability cannot be established.
• C.Unauthorized users may have access to originate, modify or delete data.
• D.Audit recommendations may not be implemented.

Comment: *

Name: *

Email: *

Verification: *

To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that:

• A.the company policy be changed.
• B.passwords are periodically changed.
• C.an automated password management tool be used.
• D.security awareness training is delivered.

Comment: *

Name: *

Email: *

Verification: *

The business case for an IS project has changed during the course of the project due to new requirements being added. What should be done NEXT?

• A.The project should go through the formal reapproval process.
• B.The changes to the business case should be documented in the project plan.
• C.Additional resources should be allocated to the project due to the new requirements.
• D.Project stakeholders should be notified of the changes.

Comment: *

Name: *

Email: *

Verification: *

.Parity bits are a control used to validate:

• A.Data authentication
• B.Data completeness
• C.Data source
• D.Data accuracy

Comment: *

Name: *

Email: *

Verification: *

The MAJOR advantage of the risk assessment approach over the baseline approach to information
security management is that it ensures:

• A.information assets are overprotected.
• B.a basic level of protection is applied regardless of asset value.
• C.appropriate levels of protection are applied to information assets.
• D.an equal proportion of resources are devoted to protecting all information assets.

Comment: *

Name: *

Email: *

Verification: *