In an organization where an IT security baseline has been defined, an IS auditor should FIRST ensure:

In an organization where an IT security baseline has been defined, an IS auditor should FIRST
ensure:

In an organization where an IT security baseline has been defined, an IS auditor should FIRST
ensure:

A.
implementation.

B.
compliance.

C.
documentation.

D.
sufficiency.

Explanation:

An IS auditor should first evaluate the definition of the minimum baseline level by ensuring the

sufficiency of controls. Documentation, implementation and compliance are further steps.

Show Hint

Leave a Reply 2

Your email address will not be published. Required fields are marked *

5 × five =

Gramesh

Gramesh

I think it should be B
check if complied then check for sufficiency of baseline controls.

Reply

Lorie

Lorie

Answer is D. D. An IS auditor should first evaluate the definition of the minimum baseline level by ensuring the sufficiency of the control baseline to meet security requirements.

Reply