Security audit reviews should PRIMARILY:
A.
ensure that controls operate as required.
B.
ensure that controls are cost-effective.
C.
focus on preventive controls.
D.
ensure controls are technologically current.
Explanation:
The primary objective of a security review or audit should be to provide assurance on the
adequacy of security controls. Reviews should focus on all forms of control, not just on preventive
control. Cost-effectiveness and technological currency are important but not as critical.