An IS auditor is assessing the results of an organization's post-implementation review of a newly developed
information system. Which of the following should be the auditor's MAIN focus?

• A.The procurement contract has been closed.
• B.Lessons learned have been identified.
• C.The disaster recovery plan has been updated.
• D.Benefits realization analysis has been completed.

Comment: *

Name: *

Email: *

Verification: *

Which of the following will BEST provide an organization with ongoing assurance of the information security services provided by a cloud provider?

• A.Continuous monitoring of an information security risk profile
• B.Evaluating the provider's security incident response plan
• C.Requiring periodic self-assessment by the provider
• D.Ensuring the provider's roles and responsibilities are established

Comment: *

Name: *

Email: *

Verification: *

In the context of effective information security governance, the primary objective of value delivery is to:

• A.optimize security investments in support of business objectives.
• B.implement a standard set of security practices.
• C.institute a standards-based solution.
• D.implement a continuous improvement culture.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor performing an application development review attends development team meetings.
The IS auditor's independence will be compromised if the IS auditor:

• A.re-performs test procedures used by the development team.
• B.assists in developing an integrated test facility (ITF) on the system.
• C.designs and executes the user's acceptance test plan.
• D.reviews the result of systems tests that were performed by the development team.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST source of information for examining the classification of new data?

• A.Input by data custodians
• B.Security policy requirements
• C.Risk assessment results
• D.Current level of protection

Comment: *

Name: *

Email: *

Verification: *