When designing metrics for information security, the MOST important consideration is that the metrics:

• A.apply to all business units.
• B.track trends over time.
• C.are easy to understand.
• D.provide actionable data.

Comment: *

Name: *

Email: *

Verification: *

An organization's software develops need access to personally identifiable information (PII) stored in a
particular data format. Which of the following would be the BEST way to protect this sensitive information
while allowing the developers to use it in development and test environments?

• A.Data masking
• B.Data encryption
• C.Data tokenization
• D.Data abstraction

Comment: *

Name: *

Email: *

Verification: *

A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?

• A.Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date
• B.Trace a sample of program change from the log to completed PCR forms
• C.Trace a sample of complete PCR forms to the log of all program changes
• D.Review a sample of PCRs for proper approval throughout the program change process

Comment: *

Name: *

Email: *

Verification: *

Which of ihe following is the BEST way to control scope creep during application system development?

• A.Involve key stakeholders.
• B.Implement a quality management system.
• C.Establish key performance indicators (KPIs).
• D.Implement project steering committee review.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is reviewing the perimeter security design of a network. Which of the following provides the GREATEST assurance outgoing Internet traffic is controlled?

• A.Load balancer
• B.Security information and event management (SIEM) system
• C.Stateful firewall
• D.Intrusion detection system (IDS)

Comment: *

Name: *

Email: *

Verification: *