Which of the following BEST indicates that an organization's risk management practices contribute to the effectiveness of internal IS audits?

• A.The audit department follows the same reporting format used by the IT risk function.
• B.The audit department utilizes the corporate risk register.
• C.The audit team participates in risk scenario development workshops.
• D.The audit department uses the existing risk analysis templates.

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides IS audit professionals with the BEST source of direction for performing audit functions?

• A.IT steering committee
• B.Audit best practices
• C.Audit charier
• D.Information security policy

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST indication that an information security program is effective?

• A.The number of reported and confirmed security incidents has increased after awareness training.
• B.The security awareness program was developed following industry best practices.
• C.The security team has performed a risk assessment to understand the organization's risk appetite.
• D.The security team is knowledgeable and uses the best available tools.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an objective of data transfer controls?

• A.To ensure access control lists are accurately and completely maintained
• B.To ensure the data is backed up on a regular basis
• C.To ensure receiving data fields have been configured according to the structure of the transmitted data
• D.To ensure there are sufficient dedicated resources in place to facilitate data transfer

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST prevent an arbitrary application of a patch?

• A.Network based access controls
• B.Database access control
• C.Change management
• D.Established maintenance windows

Comment: *

Name: *

Email: *

Verification: *