Tingnan ang lahat ng mga set ng pag-aaral

Final Exam - Chapter 1

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

The internal audit function may be outsourced to an external consulting firm. A. True B. False

Whereas only qualified auditors perform security audits, anyone may do security assessments. A. True B. False

NIST 800-53A provides ________.

A guide for assessing security controls

A security assessment is a method for proving the strength of security systems. A. True B. False

Which of the following is an assessment method that attempts to bypass controls and gain access to a specific system by simulating the actions of a would-be attacker? A. Policy review B. Penetration test C. Standards review D. Controls audit E. Vulnerability scan

Noncompliance with regulatory standards may result in which of the following? A. Brand damage B. Fines C. Imprisonment D. All of the above E. B and C only

At all levels of an organization, compliance is closely related to which of the following? A. Governance B. Risk management C. Government D. Risk assessment E. Both A and B F. Both C and D

Which one of the following is true with regard to audits and assessments? A. Assessments typically result in a pass or fail grade, whereas audits result in a list of recommendations to improve controls. B. Assessments are attributive and audits are not. C. An audit is typically a precursor to an assessment. D. An audit may be conducted independently of an organization, whereas internal IT staff always conducts an IT security assessment. E. Audits can result in blame being placed upon an individual.

An IT security audit is an ________ assessment of an organization's internal policies, controls, and activities.

Independent

Some regulations are subject to ________, which means even if there wasn't intent of noncompliance, an organization can still incur large fines.

Strict Liability

Which of the following best describes an audit used to determine if a Fortune 500 health care company is adhering to Sarbanes-Oxley and HIPAA regulations? A. IT audit B. Operational audit C. Compliance audit D. Financial audit E. Investigative audit audit D. Financial audit E. Investigative audit

Compliance initiatives typically are efforts around all except which one of the following? A. To adhere to internal policies and standards B. To adhere to regulatory requirements C. To adhere to industry standards and best practices D. To adhere to an auditor's recommendation

Which of the following companies engaged in fraudulent activity and subsequently filed for bankruptcy? A. WorldCom B. Enron C. TJX D. All of the above E. A and B only

Which one of the following is not a method used for conducting an assessment of security controls? A. Examine B. Interview C. Test D. Remediate

Categorizing information and information systems and then selecting and implementing appropriate security controls is part of a ________.

Risk-based approach

Tingnan ang lahat ng mga set ng pag-aaral

Final Exam - Chapter 1

Kaugnay na mga set ng pag-aaral

Texas Statutes and Rules Common to All Lines

dance bio 5

quizlet- wrong questions

HAMLET STUDY QUESTIONS ACT 4

Chapter 16 Quiz

Business test 2

Sociology Chapter 9

Test 3 (Oligopolys and Monopolistic comp)

FIN Exam 3

Final Business Policy

blood Questions in class

Exam 7

Construction exam 2

Ch 3 Test: Interests and Estates

Anthro 171 Final Exam

Stress and Coping

PSY 360 Final

PSY 456- Chapter 1

AD/DC Machines: Motors and Generators

Chapter 9 Assignment