Interested to Buy Any Domain ? << Click Here >> for more details...
During an IT audit of a large bank, an IS auditor observes
that no formal risk assessment exercise has been carried out
for the various business applications to arrive at their
relative importance and recovery time requirements. The risk
that the bank is exposed to is that the:
A. business continuity plan may not have been calibrated to
the relative risk that disruption of each application poses
to the organization.
B. business continuity plan may not include all relevant
applications and therefore may lack completeness in terms of
its coverage.
C. business impact of a disaster may not have been
accurately understood by the management.
D. business continuity plan may lack an effective ownership
by the business owners of such applications.
- 1 Answers
- 7052 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
The first and key step in developing a business continuity
plan is a risk assessment exercise that analyzes the various
risks that an organization faces and the impact of
non-availability of individual applications. Section 4.9.1.2
of BS 7799 (Standard on Information Security Management )
states that ?a strategy plan, based on appropriate risk
assessment, shall be developed for overall approach to
business continuity.?
| Is This Answer Correct ? | 3 Yes | 0 No |
An enterprisewide network security architecture of public key infrastructure (PKI) would be comprised of: A. A public key cryptosystem, private key cryptosystem and digital certificate B. A public key cryptosystem, symmetric encryption and certificate authorities C. A symmetric encryption, digital certificate and kerberos authentication D. A public key cryptosystem, digital certificate and certificate authorities
The FIRST step in data classification is to: A. establish ownership. B. perform a criticality analysis. C. define access rules. D. create a data dictionary.
Change control procedures to prevent scope creep during an application development project should be defined during: A. design. B. feasibility. C. implementation. D. requirements definition.
The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment: A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities. B. and penetration tests are different names for the same activity. C. is executed by automated tools, whereas penetration testing is a totally manual process. D. is executed by commercial tools, whereas penetration testing is executed by public processes.
Which of the following is the basic objective of a control self-assessment program?
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to-consumer transactions via the Internet? A. Customers are widely dispersed geographically, but not the certificate authorities. B. Customers can make their transactions from any computer or mobile device. C. The certificate authority has several data processing subcenters to administrate certificates. D. The organization is the owner of the certificate authority.
Which of the following data entry controls provides the GREATEST assurance that the data is entered correctly? A. Using key verification B. Segregating the data entry function from data entry verification C. Maintaining a log/record detailing the time, date, employee's initials/user id and progress of various data preparation and verification tasks D. Adding check digits
A critical function of a firewall is to act as a: A. special router that connects the Internet to a LAN. B. device for preventing authorized users from accessing the LAN. C. server used to connect authorized users to private trusted network resources. D. proxy server to increase the speed of access to authorized users.
The impact of EDI on internal controls will be: A. that fewer opportunities for review and authorization will exist. B. an inherent authentication. C. a proper distribution of EDI transactions while in the possession of third parties. D. that IPF management will have increased responsibilities over data center controls.
An IS auditor's MAJOR concern as a result of reviewing a business process reengineering (BPR) project should be whether the: A. newly designed business process has key controls in place. B. changed process will affect organization structure, finances and personnel. C. roles for suppliers have been redefined. D. process has been documented before and after reengineering.
Which of the following would be the LEAST likely indication that complete or selected outsourcing of IS functions should be considered? A. The applications development backlog is greater than three years. B. It takes one year to develop and implement a high-priority system. C. More than 60 percent of programming costs are spent on system maintenance. D. Duplicate information systems functions exist at two sites.
An audit charter should: A. be dynamic and change often to coincide with the changing nature of technology and the audit profession. B. clearly state audit objectives for the delegation of authority for the maintenance and review of internal controls. C. document the audit procedures designed to achieve the planned audit objectives. D. outline the overall authority, scope and responsibilities of the audit function.
Cisco Certifications 
