Study tips CISA

When reviewing an organization’s strategic IT plan an IS auditor should expect to find:

The advantage of a bottom-up approach to the development of organizational policies is that the policies:

Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

The PRIMARY objective of an audit of IT security policies is to ensure that:

The rate of change in technology increases the importance of:

The IS auditor should conclude that:

The development of an IS security policy is ultimately the responsibility of the:

Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions?

Which of the following should be included in an organization’s IS security policy?

Which of the following is the initial step in creating a firewall policy?