Isaca CISA Quiz 239 Topic 2 Questions 1191-1195

Question: 1

The PRIMARY benefit of implementing a security program as part of a security governance framework is the:

Aalignment of the IT activities with IS audit recommendations.

Benforcement of the management of security risks.

Cimplementation of the chief information security officer's (CISO) recommendations.

Dreduction of the cost for IT security.

Show Answer

Question: 2

An IS auditor who is reviewing incident reports discovers that, in one instance, an important

document left on an employee's desk was removed and put in the garbage by the outsourced cleaning staff. Which of the following should the IS auditor recommend to management?

AStricter controls should be implemented by both the organization and the cleaning agency.

BNo action is required since such incidents have not occurred in the past.

CA clear desk policy should be implemented and strictly enforced in the organization.

DA sound backup policy for all important office documents should be implemented.

Show Answer

Question: 3

During an audit, an IS auditor notices that the IT department of a medium-sized organization has no separate risk management function, and the organization's operational risk documentation only contains a few broadly described IT risks. What is the MOST appropriate recommendation in this situation?

ACreate an IT risk management department and establish an IT risk framework with the aid of external risk management experts.

BUse common industry standard aids to divide the existing risk documentation into several individual risks which will be easier to handle.

CNo recommendation is necessary since the current approach is appropriate for a medium-sized organization.

DEstablish regular IT risk management meetings to identify and assess risks, and create a mitigation plan as input to the organization's risk management.

Show Answer

Question: 4

The IT balanced scorecard is a business governance tool intended to monitor IT performance evaluation indicators other than:

Afinancial results.

Bcustomer satisfaction.

Cinternal process efficiency.

Dinnovation capacity.

Show Answer

Question: 5

Before implementing an IT balanced scorecard, an organization must:

Adeliver effective and efficient services.

Bdefine key performance indicators.

Cprovide business value to IT projects.

Dcontrol IT expenses.

Show Answer

Isaca CISA Quiz:239 Topic:2 Questions:1191-1195