Which of the following should be done FIRST to effectively define the IT audit universe for an entity with multiple business lines?
Correct Answer: C
Question 592
Organization A has a Software as a Service Agreement (SaaS) with Organization B. The software is vital to Organization A. Which of the following would provide the GREATEST assurance that the application can be recovered in the event of a disaster?
Correct Answer: C
Section: Protection of Information Assets
Question 593
Which of the following is the BEST source for describing the objectives of an organization s information systems?
Correct Answer: B
Question 594
.After an IS auditor has identified threats and potential impacts, the auditor should:
Correct Answer: A
After an IS auditor has identified threats and potential impacts, the auditor should then identify and evaluate the existing controls.
Question 595
Who is responsible for restricting and monitoring access of a data user?
Correct Answer: D
Section: Protection of Information Assets Explanation/Reference: Security administrator are responsible for providing adequate and logical security for IS programs, data and equipment. For CISA exam you should know below roles in an organization Data Owners - These peoples are generally managers and directors responsible for using information for running and controlling the business. Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly review access rule for the data for which they are responsible. Data Custodian or Data Steward - These people are responsible for storing and safeguarding the data, and include IS personnel such as system analysis and computer operators. Security Administrator-Security administrator are responsible for providing adequate physical and logical security for IS programs, data and equipment. Data Users - Data users, including internal and external user community, are the actual user of computerized data. Their level of access into the computer should be authorized by data owners, and restricted and monitor by security administrator. The following were incorrect answers: Data Owner - These peoples are generally managers and directors responsible for using information for running and controlling the business. Data Users - Data users, including internal and external user community, are the actual user of computerized data. Data custodian is responsible for storing and safeguarding the data, and include IS personnel such as system analyst and computer operators. The following reference(s) were/was used to create this question: CISA review manual 2014 Page number 361
