Which of the following is MOST important to determine when conducting an audit Of an organization's data privacy practices?

• A.Whether a disciplinary process is established for data privacy violations
• B.Whether strong encryption algorithms are deployed for personal data protection
• C.Whether privacy technologies are implemented for personal data protection
• D.Whether the systems inventory containing personal data is maintained

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organizations information security policy?

• A.Compliance with industry best practice
• B.Alignment with the IT tactical plan
• C.Business objectives
• D.IT steering committee minutes

Comment: *

Name: *

Email: *

Verification: *

What should an IS auditor do FIRST when management responses
to an in-person internal control questionnaire indicate a key internal
control is no longer effective?

• A.Ascertain the existence of other compensating controls.
• B.Verify the impact of the control no longer being effective.
• C.Validate the overall effectiveness of the internal control.
• D.Determine the resources required to make the control
  effective.

Comment: *

Name: *

Email: *

Verification: *

Which of the following analytical methods would be MOST useful when trying to identify groups with similar behavior or characteristics in a large population?

• A.Cluster sampling
• B.Random sampling
• C.Classification
• D.Deviation detection

Comment: *

Name: *

Email: *

Verification: *

An organization conducted an exercise to test the security awareness level of users by sending an email offering a cash reward 10 those who click on a link embedded in the body of the email. Which of the following metrics BEST indicates the effectiveness of awareness training?

• A.The number of users clicking on the link to learn more about the sender of the email
• B.The number of users reporting receipt of the email to the information security team
• C.The number of users deleting the email without reporting because it is a phishing email
• D.The number of users forwarding the email to their business unit managers

Comment: *

Name: *

Email: *

Verification: *