#1) Select the best choice. For security controls, gap analysis involves comparing the present state of controls with a desired state of controls. At a minimum, common baseline security controls should be in place. Any gaps to various types of controls should be clearly documented, for example, "Information security responsibilities", which:
a. Defines the program to provide initial and ongoing security education across the organization.
b. Reduces risk from known vulnerabilities being exploited.
c. Defines how staff will execute upon the policies, assign responsibilities, and promote accountability.
d. Ensures security-related events are communicated and acted upon to allow corrective action to be taken by security staff.
#2) Select the best choice. What type of auditing framework combines traditional operational-related audits (a PCI DSS-specific audit, for example) with information technology-related audits (a NIST systems audit, for example)?
a. ISO/IEC 27001
b. integrated audit
c. auditing standard No. 5
d. NIST 800-53A
SOLUTION-(1):- (c) Defines how staff will execute upon the policies, assign responsibilities, and promote accountability.
EXPLANATION:- "Information security responsibilities" defines how staff will execute upon the policies, assign responsibilities, and promote accountability. "Information security awareness, education and training" defines the program to provide initial and ongoing security education across the organization. "Vulnerability management" reduces the risk of known vulnerabilities being exploited. "Security incident management" ensures security-related events are communicated and acted upon to allow corrective action to be taken by security staff.
Therefore, option (c) is the correct answer and the other options are wrong.
SOLUTION-(2):- (b) integrated audit
EXPLANATION:- An integrated auditing framework combines traditional operational-related audits (a PCI DSS-specific audit) with information technology-related audits (a NIST systems audit). Integrated auditing is a methodology that combines the operational audit function, the financial audit function, and the information technology audit function. In other words, an integrated audit framework recognizes the relationship between information technology, financial and operational controls in order to establish an effective and efficient internal control domain. Therefore, option (b) is the correct answer and the other options are irrelevant.