Explore from hundreds of CISA answers to your puzzling CISA questions.
Option B is correct - Report the risk associated with such process to IT steering committee.
If the IS auditor notices that the project team is skipping the validation and verification process to meet a deadline, the risk of such cases should be reported to the IT steering...

3 Answers

When an organization outsources its IS sources, it is important that certain functions are performed by the IS management. Perhaps the most important function of the IS management is monitoring the outsourcing provider's performance. This is because in an outsourcing environment the company is...

3 Answers

The OSI model is included in the computer software systems within the computers. The main function with the OSI model involves communication. This model contains many layers that perform certain functions. With these layers, each layer assists the layer that is above it. This helps with the...

3 Answers

C. Security awareness programs

Because social engineering is based on deception of the user, the best countermeasure or defense is a security awareness program. The other choices are not user-focused.

3 Answers

Enterprise requirements drive security requirements. Information safety governance is all of the tools, personnel, and business processes that guarantee that security is carried out to connect with an organization's specific needs. It balances the use of security and information. These po...

2 Answers

A. The extent of acceptable system downtime.

The RTO is a measure of the user's tolerance to downtime. This is the amount of downtime of the business process that the business can tolerate and still remain viable. RTO is basically the extent of system downtime that is acceptable by the...

2 Answers

If an organization already has its IT security baseline defined, you need to see if it is sufficient for the level of data present. You need to check its sufficiency. The auditor should evaluate the minimum baseline security that is required by the IT business. He should include the level of...

2 Answers

C. one person knowing all parts of a system.

Cross-training is a process of training more than one individual to perform a specific job or procedure. This practice helps decrease the dependence on a single person and assists in succession planning. This provides for the backup of...

2 Answers

B. Very low RTO, close to zero

The RTO is a measure of the user's tolerance to downtime. In the case of critical systems, the RTO is generally zero or near zero. A low RTO indicates that the system should be resumed at the earliest. For example, if the RTO is 2 hours, the system should be resumed within 2...

2 Answers

The auditor should be aware of the point wherein the data flow can be exercised throughout the system. If the auditor would not do this then the purpose will not be hit. It is not proper to do B because there are times when corrective controls are also considered to be important. C is not...

2 Answers
