Information is one of the most valuable assets in any organization. It is the utmost priority of every organization to protect and jealously guard the information in its possession. Today, a qualified Certified Information Systems Auditor is forced to acknowledge the need to share information safely in the IT world. This quiz is aimed at testing your ability in CISA auditing.
Response
Correction
Detection
Monitoring
They are distributed and available to all staff
Security and control policies support business and IT objectives.
There is a published organisational chart with functional descriptions.
Duties are appropriately segregated.
User management coordination does not exist
Specific user accountability cannot be established
Audit recommendations may not be implemented
Unauthorised users may have access to originate, modify or delete data
Are developed for the organisation as a whole.
Are more likely to be derived as a result of a risk assessment.
Will not conflict with overall corporate policy.
Will not conflict with overall corporate policy.
Establishment of a review board.
Creation of a security unit.
Effective support of an executive sponsor
Selection of a security process owner
IS department
Security committee
Security administrator
Board of directors.
Incorporates state of the art technology.
Addresses the required operational controls
Articulates the IT mission and vision
Specifies project management practices.
An assessment of the fit of the organisation's application portfolio with business objectives
Actions to reduce hardware procurement cost.
A listing of approved suppliers of IT contract resources.
A description of the technical architecture for the organisation's network perimeter security.
Users' ability to submit queries to the database
Users' ability to directly modify the database.
Users' ability to indirectly modify the database
Users' ability to directly view the database
To identify and prevent intrusion attempts to a network.
To prevent intrusion attempts to a network
Forensic incident response
To identify intrusion attempts to a network