Interested to Buy Any Domain ? << Click Here >> for more details...
During an IT audit of a large bank, an IS auditor observes
that no formal risk assessment exercise has been carried out
for the various business applications to arrive at their
relative importance and recovery time requirements. The risk
that the bank is exposed to is that the:
A. business continuity plan may not have been calibrated to
the relative risk that disruption of each application poses
to the organization.
B. business continuity plan may not include all relevant
applications and therefore may lack completeness in terms of
its coverage.
C. business impact of a disaster may not have been
accurately understood by the management.
D. business continuity plan may lack an effective ownership
by the business owners of such applications.
- 1 Answers
- 6865 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
The first and key step in developing a business continuity
plan is a risk assessment exercise that analyzes the various
risks that an organization faces and the impact of
non-availability of individual applications. Section 4.9.1.2
of BS 7799 (Standard on Information Security Management )
states that ?a strategy plan, based on appropriate risk
assessment, shall be developed for overall approach to
business continuity.?
| Is This Answer Correct ? | 3 Yes | 0 No |
The PKI element that manages the certificate life cycle, including certificate directory maintenance and certificate revocation list (CRL) maintenance and publication is the: A. certificate authority. B. digital certificate. C. certification practice statement. D. registration authority.
An independent software program that connects two otherwise separate applications sharing computing resources across heterogeneous technologies is known as: A. middleware. B. firmware. C. application software. D. embedded systems.
A company performs full backup of data and programs on a regular basis. The primary purpose of this practice is to: A. maintain data integrity in the applications. B. restore application processing after a disruption. C. prevent unauthorized changes to programs and data. D. ensure recovery of data processing in case of a disaster.
The use of object-oriented design and development techniques would MOST likely: A. facilitate the ability to reuse modules. B. improve system performance. C. enhance control effectiveness. D. speed up the system development life cycle.
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that: A. the users may not remember to manually encrypt the data before transmission. B. the site credentials were sent to the financial services company via email. C. personnel at the consulting firm may obtain access to sensitive data. D. the use of a shared user ID to the FTP site does not allow for user accountability.
An IS auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late-night shift a month as the senior computer operator. The MOST appropriate course of action for the IS auditor is to: A. advise senior management of the risk involved. B. agree to work with the security officer on these shifts as a form of preventative control. C. develop a computer-assisted audit technique to detect instances of abuses of this arrangement. D. review the system log for each of the late-night shifts to determine whether any irregular actions occurred.
Which of the following normally would be the MOST reliable evidence for an auditor? A. A confirmation letter received from a third party verifying an account balance B. Assurance from line management that an application is working as designed C. Trend data obtained from World Wide Web (Internet) sources D. Ratio analysis developed by the IS auditor from reports supplied by line management
The secure socket layer (SSL) protocol addresses the confidentiality of a message through: A. symmetric encryption. B. message authentication code. C. hash function. D. digital signature certificates.
Which of the following is a control to compensate for a programmer having access to accounts payable production data? A. Processing controls such as range checks and logic edits B. Reviewing accounts payable output reports by data entry C. Reviewing system-produced reports for checks (cheques) over a stated amount D. Having the accounts payable supervisor match all checks (cheques) to approved invoices
For which of the following applications would rapid recovery be MOST crucial? A. Point-of-sale system B. Corporate planning C. Regulatory reporting D. Departmental chargeback
Which of the following should be of MOST concern to an IS auditor? A. Lack of reporting of a successful attack on the network B. Failure to notify police of an attempted intrusion C. Lack of periodic examination of access rights D. Lack of notification to the public of an intrusion
When implementing and application software package, which of the following presents the GREATEST risk? A. Uncontrolled multiple software versions B. Source programs that are not synchronized with object code C. Incorrectly set parameters D. Programming errors
Cisco Certifications 
