What should the is auditor ensure first?in an organization where an - ProProfs Discuss
Topics-
Products +
     

What should the IS auditor ensure first?
In an organization where an IT security baseline has been defined



A. implementation.
B. compliance.
C. documentation.
D. sufficiency.

This question is part of CISA-Mock Test - Domain 2 (100 Questions)
Asked by Hemangdoshi on Jun 21, 2018

+ AnswerRequest Answer
...

2 Answers

L. Sevigny

L. Sevigny
Doctor, Las Vegas

Answered on Sep 26, 2018

If an organization already has its IT security baseline defined you need to see if it is sufficient for the level of data present. You need to check its sufficiency. The auditor should evaluate the minimum baseline security that is required by the IT business. He should include the level of controls and the data in the estimate.

Once he has a value that is sufficient for the level of controls present he can then figure out if the present IT security baseline is up to the mark. After that he needs to document, implement and check the compliance to make sure that everything is in order.

 Reply

hemangdoshi

Hemangdoshi

Answered on Jun 21, 2018

D. sufficiency.

Explanation: The auditor should first evaluate the definition of the minimum baseline level by ensuring the sufficiency of controls. Documentation, implementation and compliance are further steps.
 Reply

Search for Google images
Select a recommended image
Upload from your computer
Search for Google images
Select a recommended image
Upload from your computer
Search for Google images
Select a recommended image
Upload from your computer

Email Sent
We have sent an email to your address "" with instructions to reset your password.