An IS auditor finds that not all employees are aware of the
enterprise's information security policy. The IS auditor
should conclude that:
A. this lack of knowledge may lead to unintentional
disclosure of sensitive information.
B. information security is not critical to all functions.
C. IS audit should provide security training to the employees.
D. the audit finding will cause management to provide
continuous training to staff.
Answer Posted / guest
Answer: A
All employees should be aware of the enterprise's
information security policy to prevent unintentional
disclosure of sensitive information. Training is a
preventive control. Security awareness programs for
employees can prevent unintentional disclosure of sensitive
information to outsiders.
Is This Answer Correct ? | 4 Yes | 0 No |
Post New Answer View All Answers