Which of the following should be an IS auditor's GREATEST concern when reviewing an organization's security controls for policy compliance?

• A.Security policy documents are available on a public domain website.
• B.The security policy has not been reviewed within the past year.
• C.Security policies are not applicable across all business units.
• D.End users are not required to acknowledge security policy training.

Comment: *

Name: *

Email: *

Verification: *

Which of the following presents the GREATEST challenge to the alignment of business and IT?

• A.Insufficient IT budget to execute new business projects
• B.Lack of chief information officer (CIO) involvement in board meetings
• C.An IT steering committee chaired by the chief information officer (CIO)
• D.Lack of information security involvement in business strategy development

Comment: *

Name: *

Email: *

Verification: *

Which of the following risk scenarios is BEST addressed by implementing policies and procedures related to full disk encryption?

• A.Unauthorized logical access to information through an application interface
• B.Physical theft of media on which information is stored
• C.Data leakage as a result of employees leaving to work for competitors
• D.Noncompliance fines related to storage of regulated information

Comment: *

Name: *

Email: *

Verification: *

A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?

• A.Identifying data security threats in the affected jurisdiction
• B.Reviewing data classification procedures associated with the affected jurisdiction
• C.Developing an inventory of all business entities that exchange personal data with the affected jurisdiction
• D.Identifying business processes associated with personal data exchange with the affected jurisdiction

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST critical for the effective implementation of IT governance?

• A.Supportive corporate culture
• B.Internal auditor commitment
• C.Strong risk management practices
• D.Documented policies

Comment: *

Name: *

Email: *

Verification: *