Here is a sampling of questions in the format of the CISA exam. These questions are related to the protection of information assets, and will help test your understanding of this subject. Answers with explanations are provided in Appendix A.
What is the most important aspect of performing an evaluation of information security controls on a process or system?
Ensuring that the best practice control techniques are being utilized properly
Understanding the business's functional requirements of the process to ensure that they can be accomplished
Ensuring that the deployed controls work as part of the overall security architecture program
Making sure that access is strictly controlled based on a need to know
The concept of data integrity implies that
Access has not been given to those who do not have a need to know
Data can be accessed by processes when necessary to support the business function
Data has not been altered or modified outside of the expected and approved processing steps
Data has not been made available to processes for which the data classification has not been accredited
When reviewing security and business risks, it is most important to keep in mind that
Business risks are not as important as the security exposures to potential hackers.
The customer's expectation of privacy should take precedence over the business's risk tolerance when considering security controls.
Data classification should determine the security controls requirements.
Some compromise ...