An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:
Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?
Which of the following activities performed by a database administrator (DBA) should be performed by a different person?
To gain an understanding of the effectiveness of an organization’s planning and management of investments in IT assets, an IS auditor should review the:
Which of the following is the BEST performance criterion for evaluating the adequacy of an organization’s security awareness training?