The use of which of the following would BEST enhance a process improvement program?
Correct Answer: C
Explanation Capability maturity models (CMMs) are frameworks that help organizations assess and improve their processes in various domains, such as software development, project management, service delivery, and cybersecurity1. CMMs define different levels of process maturity, from initial to optimized, and describe the characteristics and best practices of each level. By using CMMs, organizations can benchmark their current processes against a common standard, identify gaps and weaknesses, and implement improvement actions to achieve higher levels of process maturity2. CMMs can also help organizations align their processes with their strategic goals, measure their performance, and increase their efficiency, quality, and customer satisfaction3. Therefore, the use of CMMs would best enhance a process improvement program, as they provide a systematic and structured approach to evaluate and improve processes based on proven principles and practices. Option C is the correct answer. Option A is not correct because model-based design notations are graphical or textual languages that help designers specify, visualize, and document the structure and behavior of systems4. While they can be useful for designing and communicating complex systems, they do not directly address the process improvement aspect of a program. Option B is not correct because balanced scorecard is a strategic management tool that helps organizations translate their vision and mission into measurable objectives and indicators. While it can be useful for monitoring and evaluating the performance of a program, it does not provide specific guidance on how to improve processes. Option D is not correct because project management methodologies are sets of principles and practices that help organizations plan, execute, and control projects. While they can be useful for managing the scope, schedule, cost, quality, and risk of a program, they do not focus on the process improvement aspect of a program. References: Guide to Process Maturity Models2 What is CMMI? A model for optimizing development processes1 Capability Maturity Model (CMM): A Definitive Guide3 Model-Based Design Notations4 Balanced Scorecard Project Management Methodologies
Question 722
Which of the following would be the MOST effective method to identify high risk areas in the business to be included in the audit plan?
Correct Answer: C
Question 723
Which of the following is the MOST important factor when an organization is developing information security policies and procedures?
Correct Answer: D
Explanation Information security policies and procedures are the foundation of an organization's information security program. They define the roles, responsibilities, rules, and standards for protecting information assets from unauthorized access, use, disclosure, modification, or destruction. The most important factor when developing information security policies and procedures is to align them with an information security framework that provides a comprehensive and consistent approach to managing information security risks. An information security framework can also help ensure compliance with relevant regulations, inclusion of mission and objectives, and consultation with security staff. However, these factors are secondary to alignment with an information security framework. References: CISA Certification | Certified Information Systems Auditor | ISACA, CISA Review Manual (Digital Version)
Question 724
An organization has recently implemented a Voice-over IP (VoIP) communication system. Which of the following should be the IS auditor's PRIMARY concern?
Correct Answer: C
Question 725
The phases and deliverables of a system development life cycle (SDLC) project should be determined:
Correct Answer: A
Section: Protection of Information Assets Explanation: It is extremely important that the project be planned properly and that the specific phases and deliverables be identified during the early stages of the project.
