The CISA® Prep Guide: Mastering the Certified Information Systems Auditor Exam by John Kramer

A.4. Chapter 4—Protection of Information Assets

Here are the answers to the questions in Chapter 4:

  1. What is the most important aspect of performing an evaluation of information security controls on a process or system?

    1. Ensuring that the best practice control techniques are being utilized properly

    2. Understanding the business's functional requirements of the process to ensure that they can be accomplished

    3. Ensuring that the deployed controls work as part of the overall security architecture program

    4. Making sure that access is strictly controlled based on a need to know

    Answer: B

    The correct answer is B. Best practice control techniques properly utilized (A) will need to be applied relative to the business needs, and they cannot be deployed without considering the goals of the business and the security control parameters that the business process places on the system. It also is important to ensure that the security controls used work well together and complement other controls used in the architecture, providing defense in depth (C), but not without first considering the business goals to ensure the business needs are met. Restricting access based on a need to know (D) also is an important concept and will be a secondary step to ensuring access control that will follow from first understanding the business needs. Those needs define the need to know for the system's users.

  2. The concept of data integrity implies that

    1. Access has not been given to those who do not have a need to know

    2. Data can be ...