Which of the following is MOST important to include in security awareness training?
This is according to the ISACA's IS Auditing Guideline G15 on Security Awareness Training, which states that security awareness training should include 'an understanding of the types of suspicious activity and the appropriate response to them'.
A bank wants to outsource a system to a cloud provider residing in another country. Which of the following would be the MOST appropriate IS audit recommendation?
The most appropriate IS audit recommendation for a bank that wants to outsource a system to a cloud provider residing in another country is to ensure the provider's internal control system meets bank requirements. This is because the cloud provider will be handling the bank's data, so it is important to ensure that the provider has appropriate controls in place to protect the data and to ensure its integrity. Additionally, the provider should have policies and procedures in place to ensure the security and privacy of the data, as well as to ensure compliance with applicable laws and regulations. For more information, please refer to the ISACA CISA Study Guide section 4.13.2.2.
Which of the following is the BEST point in time to conduct a post-implementation review?
The best point in time to conduct a post-implementation review is after a full processing cycle. A post-implementation review is conducted to verify that the implemented system meets the original requirements and that it is operating as intended. Therefore, it is important to wait until the system has gone through a full processing cycle, so that any errors or issues can be identified and addressed. This allows the organization to make sure that the system is stable and reliable before it is put into production.
During a project audit, an IS auditor notes that project reporting does not accurately reflect current progress. Which of the following is the GREATEST resulting impact?
Which of the following provides the MOST useful information to an IS auditor when selecting projects for inclusion in an IT audit plan?
The project business case provides the IS auditor with information on the purpose and objectives of the project, the expected costs and benefits of the project, and the possible risks associated with the project. This information can be used to help the IS auditor determine if the project is worth including in the IT audit plan. For more information, please refer to the ISACA CISA Study Guide section 4.12.2.1.
Currently there are no comments in this discussion, be the first to comment!