The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment:
An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing
organization has discovered the following:
-The existing disaster recovery plan was compiled two years earlier by a systems analyst in the
organization's IT department using transaction flow projections from the operations department.
-The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting their
attention.
- the plan has never been updated, tested or circulated to key management and staff, though interviews
show that each would know what action to take for its area in the event of a disruptive incident.
The IS auditor's report should recommend that:
A credit card company has decided to outsource the printing of customer statements It Is MOST important for the company to verify whether:
During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?
Which of the following could an IS auditor recommend to improve the estimated resources required in system development?
