The amount of risk an organization is willing to accept in pursuit of its mission is known as

• A.Risk tolerance
• B.Risk acceptance
• C.Risk transfer
• D.Risk mitigation

Comment: *

Name: *

Email: *

Verification: *

The formal certification and accreditation process has four primary steps, what are they?

• A.Evaluating, describing, testing and authorizing
• B.Evaluating, purchasing, testing, authorizing
• C.Auditing, documenting, verifying, certifying
• D.Discovery, testing, authorizing, certifying

Comment: *

Name: *

Email: *

Verification: *

Which of the following represents the best method of ensuring business unit alignment with security program requirements?

• A.Demonstrate executive support with written mandates for security policy adherence
• B.Perform increased audits of security processes and procedures
• C.Provide clear communication of security requirements throughout the organization
• D.Create collaborative risk management approaches within the organization

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a benefit of a risk-based approach to audit planning?

• A.Resources are allocated to the areas of the highest concern
• B.Scheduling may be performed months in advance
• C.Budgets are more likely to be met by the IT audit staff
• D.Staff will be exposed to a variety of technologies

Comment: *

Name: *

Email: *

Verification: *

The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?

• A.The asset is more expensive than the remediation
• B.The asset being protected is less valuable than the remediation costs
• C.The remediation costs are irrelevant; it must be implemented regardless of cost.
• D.The audit finding is incorrect

Comment: *

Name: *

Email: *

Verification: *