The development of an IS security policy is ultimately the
responsibility of the:
A. IS department.
B. security committee.
C. security administrator.
D. board of directors.
- 1 Answers
- 7893 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
Normally the designing of an information systems security
policy is the responsibility of top management or the board
of directors. The IS department is responsible for the
execution of the policy, having no authority in framing the
policy. The security committee also functions within the
broad security policy framed by the board of directors. The
security administrator is responsible for implementing,
monitoring and enforcing the security rules that management
has established and authorized.
| Is This Answer Correct ? | 4 Yes | 0 No |
E-mail message authenticity and confidentiality is BEST achieved by signing the message using the: A. sender's private key and encrypting the message using the receiver's public key. B. sender's public key and encrypting the message using the receiver's private key. C. the receiver's private key and encrypting the message using the sender's public key. D. the receiver's public key and encrypting the message using the sender's private key.
E-cash is a form of electronic money that: A. can be used over any computer network. B. utilizes reusable e-cash coins to make payments. C. does not require the use of an Internet digital bank. D. contains unique serial numbering to track the identity of the buyer.
The BEST method of proving the accuracy of a system tax calculation is by: A. detailed visual review and analysis of the source code of the calculation programs. B. recreating program logic using generalized audit software to calculate monthly totals. C. preparing simulated transactions for processing and comparing the results to predetermined results. D. automatic flowcharting and analysis of the source code of the calculation programs.
The primary purpose of an audit charter is to: A. document the audit process used by the enterprise. B. formally document the audit department's plan of action. C. document a code of professional conduct for the auditor. D. describe the authority and responsibilities of the audit department.
When planning an audit of a network set up, the IS auditor should give highest priority to obtaining which of the following network documentation? A. Wiring and schematic diagram B. Users list and responsibilities C. Applications list and their details D. Backup and recovery procedures
Which of the following is the most important element in the design of a data warehouse? A. Quality of the metadata B. Speed of the transactions C. Volatility of the data D. Vulnerability of the system
Which of the following would be considered a business risk? A. Former employees B. Part-time and temporary personnel C. Loss of competitive edge D. Hackers
The PRIMARY objective of a firewall is to protect: A. internal systems from exploitation by external threats. B. external systems from exploitation by internal threats. C. internal systems from exploitation by internal threats. D. itself and attached systems against being used to attack other systems.
Which of the following is the MOST important criterion for the selection of a location for an offsite storage facility for IS backup files? The offsite facility must be: A. physically separated from the data center and not subject to the same risks. B. given the same level of protection as that of the computer data center. C. outsourced to a reliable third party. D. equipped with surveillance capabilities.
The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.
An IS auditor reviews an organization chart PRIMARILY for: A. an understanding of workflows. B. investigating various communication channels. C. understanding the responsibilities and authority of individuals. D. investigating the network connected to different employees.
Detection risk refers to: A. concluding that material errors do not exist, when in fact they do. B. controls that fail to detect an error. C. controls that detect high-risk errors. D. detecting an error but failing to report it.
Cisco Certifications 
