An organization's information security department has recently created a centralized governance model to ensure that network-related findings are remediated within the service level agreement (SLA). What should the IS auditor use to assess the maturity and capability of this governance model?

• A.Key performance indicators (KPIs)
• B.Key risk indicators (KRIs)
• C.Key data elements
• D.Key process controls

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects?

• A.increase the time allocated for system testing
• B.implement formal software inspections
• C.increase the development staff
• D.Require the sign-off of all project deliverables

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization?

• A.To prevent confidential data loss
• B.To comply with legal and regulatory requirements
• C.To identify data at rest and data in transit for encryption
• D.To provide options to individuals regarding use of their data

Comment: *

Name: *

Email: *

Verification: *

In the course of performing a risk analysis, an IS auditor has identified threats and
potential impacts. Next, the IS auditor should:

• A.identify and assess the risk assessment process used by management.
• B.identify information assets and the underlying systems.
• C.disclose the threats and impacts to management.
• D.identify and evaluate the existing controls.

Comment: *

Name: *

Email: *

Verification: *

When introducing a maturity model to the IT management process, it is BEST to align the maturity level to a point that reflects which of the following?

• A.Minimum cost expenditure level
• B.Industry standard practice level
• C.Ideal business production level
• D.Maximum risk tolerance level

Comment: *

Name: *

Email: *

Verification: *