When an information security policy has been designed, it is
MOST important that the information security policy be:
A. stored offsite.
B. written by IS management.
C. circulated to users.
D. updated frequently.
Answer / guest
Answer: C
To be effective, an information security policy should reach
all members of the staff. Storing the security policy
offsite or in a safe place may be desirable but of little
value if its contents are not known to the organization's
employees. The information security policy should be written
by business unit managers including IS, but not exclusively
IS managers. Updating the information security policy is
important but will not assure its dissemination.
Is This Answer Correct ? | 6 Yes | 0 No |
The use of statistical sampling procedures helps minimize: A. sampling risk. B. detection risk. C. inherent risk. D. control risk.
Which of the following is the FIRST step in a business process reengineering (BPR) project? A. Defining the areas to be reviewed B. Developing a project plan C. Understanding the process under review D. Reengineering and streamlining the process under review
As a result of a business process reengineering (BPR) project: A. an IS auditor would be concerned with the key controls that existed in the prior business process and not those in the new process. B. system processes are automated in such a way that there are more manual interventions and manual controls. C. the newly designed business processes usually do not involve changes in the way(s) of doing business. D. advantages usually are realized when the reengineering process appropriately suits the business and risk.
Which of the following imaging technologies captures handwriting from a preprinted form and converts it into an electronic format? A. Magnetic ink character recognition (MICR) B. Intelligent voice recognition (IVR) C. Bar code recognition (BCR) D. Optical character recognition (OCR)
To develop a successful business continuity plan, end user involvement is critical during which of the following phases? A. Business recovery strategy B. Detailed plan development C. Business impact analysis D. Testing and maintenance
A data warehouse is: A. object orientated. B. subject orientated. C. departmental specific. D. a volatile databases.
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it:
A control for a company that wants to prevent virus-infected programs (or other type of unauthorized modified programs) would be to: A. utilize integrity checkers. B. verify program's lengths. C. backup the source and object code. D. implement segregation of duties.
Electronic signatures can prevent messages from being: A. suppressed. B. repudiated. C. disclosed. D. copied.
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the user name and password are the same. The BEST control to mitigate this risk is to: A. change the company's security policy. B. educate users about the risk of weak passwords. C. build in validations to prevent this during user creation and password change. D. require a periodic review of matching user ID and passwords for detection and correction.
The application test plans are developed in which of the following systems development life cycle (SDLC) phases? A. Design B. Testing C. Requirement D. Development
Which of the following is an example of a passive attack, initiated through the Internet? A. Traffic analysis B. Masquerading C. Denial of service D. E-mail spoofing