D. Compensating controls
Compensating controls are internal controls that are intended to reduce the risk of an existing or potential control weakness that may arise when duties cannot be appropriately segregated. Overlapping controls are two controls addressing the same control objective or exposure. Since primary controls cannot be achieved when duties cannot or are not appropriately ...
A. Accountability for the corporate security policy
Explanation: Accountability cannot be transferred to external parties. Choices B, C and D can be performed by outside entities as long as accountability remains within the organization.
A. monitors systems performance and tracks problems resulting from program changes.
The responsibilities of a telecommunications analyst include reviewing network load requirements in terms of current and future transaction volumes (choice B), assessing the impact of network load or terminal response times and network data transfer rates (choice C), and recommending network balancing ...
Detection risks are directly affected by the auditor's selection of audit procedures and techniques. Inherent risks usually are not affected by the IS auditor. Control risks are controlled by the actions of the company's management. Business risks are not affected by the IS auditor.
A. security requirements driven by enterprise requirements.
Information security governance, when properly implemented, should provide four basic outcomes. They are strategic alignment, value delivery, risk management and performance measurement. Strategic alignment provides input for security requirements driven by enterprise requirements. Value delivery provides a standard set of ...
D. The organization has decided that a project steering committee is not required.
Even in a small project, the lack of a project steering committee represents the absence of a fundamental control. The project initiation document captures the initial scope and structure of the project, and it is not practical to keep it updated, as changes to the project can be captured through change ...
A. there is an integration of IS and business staffs within projects.
Explanation: The integration of IS and business staff in projects is an operational issue and should be considered while reviewing the short-range plan. A strategic plan would provide a framework for the IS short-range plan. Choices B, C and D are areas covered by a strategic plan.
C. appropriate levels of protection are applied to information assets.
On the basis of risk assessment, assets are classified according to their criticality. An appropriate level of security is then provided to data as per its classification.
If vulnerabilities are not properly identified, controls and audit planning may not be relevant. Vulnerabilities are a key element in the conduct of a risk analysis.
B. reduce the opportunity for an employee to commit an improper or illegal act.
Explanation: Required vacations/holidays of a week or more, during which someone other than the regular employee performs the job function, are often mandatory for sensitive positions. This reduces the ...