IT Audit Exam 1 Prep
Regarding privacy, what is a common characteristic of "personal information"?
It can be used to identify a person
Which act, consisting of 11 "titles," mandated many reforms to enhance corporate responsibility, enhance financial disclosures, and prevent fraud?
Sarbanes-Oxley (SOX) Act
A large financial organization wants to outsource its payroll function. Which of the following should the financial organization ensure the payroll company has?
SOC Report
An acceptable use policy (AUP) is part of the _____________ Domain.
User Domain
In an IT infrastructure, the end users' operating environment is called the _____________.
Workstation Domain
Which of the following best describes Control Objectives for Information and related Technology (COBIT)?
A framework providing best practices for IT governance and control
Which of the following best describes a prescriptive IT control?
Helps standardize IT operations and tasks
Assurance against unauthorized modification or destruction of data is the definition of:
Integrity
Which of the following requires organizations to have an annual assessment by a Qualified Security Assessor (QSA)?
Payment Card Industry Data Security Standard (PCI DSS)
Which of the following uses "engagements" to report on the evaluation of controls of third-party service businesses that host or process data on behalf of customers?
SOC
What term describes the identification, control, logging, and auditing of all changes made across the infrastructure?
Configuration and Change Management
Which of the following best describes a descriptive IT control?
Aligns IT with business goals
Which of the following best describes the Gramm-Leach-Bliley Act (GLBA)?
An act of Congress that prohibits banks from offering investment, commercial banking, and insurance services all under one umbrella
An organization creates policies and a framework for the application of controls. The organization then maps existing controls to each regulation with which it must comply. Thereafter, the organization performs a __________ to identify anything that is missing.
Gap Analysis
An unauthorized user has gained access to data and viewed it. What has been lost?
Confidentiality