IT Strategic Planning and Data Classification Standards Quiz
28 Questions
2 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What aspect of IT projects within an organization's strategic plan should have IT requirements incorporated into?

  • Execution phase
  • Planning phase (correct)
  • Monitoring phase
  • Closing phase
  • Which statement aligns best with data classification standards in terms of protecting information assets?

  • Information assets should only be accessed by persons with a justified need.
  • All information assets will be assigned a clearly defined level to facilitate proper employee handling. (correct)
  • All information assets must be encrypted when stored on the organization's systems.
  • Any Information assets transmitted over a public network must be approved by executive management.
  • Who is responsible for ensuring the representation of major stakeholders involved in a project?

  • Change control board
  • Project manager
  • Steering committee (correct)
  • Project management office (PMO)
  • What is the primary measure of an organization’s security program effectiveness?

    <p>Adverse impact of incidents on critical business activities</p> Signup and view all the answers

    What is the BEST course of action for an IS auditor when critical deficiencies have not been addressed after a follow-up audit?

    <p>Assess the impact of not addressing deficiencies.</p> Signup and view all the answers

    Why would an organization separate the development and test IT processing environments?

    <p>Protect programs under development from unauthorized testing.</p> Signup and view all the answers

    What is a common issue that organizations face due to the lack of quick modification and deployment of solutions?

    <p>Inability to adapt to changing business needs.</p> Signup and view all the answers

    What is a significant advantage of having three separate IT processing environments in an organization?

    <p>Improved control over software development processes.</p> Signup and view all the answers

    Why is it important for an organization to mitigate calculation errors in spreadsheets?

    <p>To improve decision-making based on accurate data.</p> Signup and view all the answers

    What should an IS auditor look for to ensure management adequately balances business needs and risk management?

    <p>Implementation of risk management frameworks.</p> Signup and view all the answers

    What is the primary reason for implementing data encryption on desktops?

    <p>To reduce the risk of data leakage</p> Signup and view all the answers

    Which scenario poses the GREATEST risk associated with data leakage?

    <p>There is no requirement for desktops to be encrypted</p> Signup and view all the answers

    When an intrusion into an organization's network is detected, what should be the FIRST step taken?

    <p>Identify nodes that have been compromised</p> Signup and view all the answers

    What is the MOST important aspect for an IS auditor to assess in a project feasibility study?

    <p>An assessment of whether the expected benefits can be achieved</p> Signup and view all the answers

    What is the GREATEST concern when a business-critical application lacks fault tolerance?

    <p>Single point of failure</p> Signup and view all the answers

    Which action can help mitigate the risk of data leakage when staff work remotely?

    <p>Encrypting all desktops in the office</p> Signup and view all the answers

    Which of the following tasks would raise the LEAST segregation of duties (SoD) concern if performed by the person who reconciles the organization's device inventory?

    <p>Creating the device policy</p> Signup and view all the answers

    What should be the IS auditor's PRIMARY recommendation regarding emergency fixes made by programmers in a data center?

    <p>Emergency program changes should be subject to program migration and testing procedures before they are applied to operational systems</p> Signup and view all the answers

    What is a significant concern for an IS audit manager when a new auditor in the department previously worked for a cloud service provider?

    <p>Independence</p> Signup and view all the answers

    If a person who reconciles the organization's device inventory also approves the issuing of devices, what segregation of duties (SoD) concern is MOST likely raised?

    <p>Unauthorized device issuance</p> Signup and view all the answers

    What is the BEST way to address the segregation of duties (SoD) concern if the same individual is responsible for both tracking devices used for spare parts and issuing devices to employees?

    <p>Rotating responsibilities between different staff members</p> Signup and view all the answers

    What should be the primary focus of an IS auditor when evaluating emergency fixes made by programmers in operational systems?

    <p>Preserving system integrity</p> Signup and view all the answers

    What is the MOST reliable follow-up procedure for the IS auditor to determine if sequential order numbers are generated?

    <p>Inspect the system settings and transaction logs</p> Signup and view all the answers

    When evaluating network monitoring controls, what is the MOST important for an IS auditor to review?

    <p>Incident monitoring logs</p> Signup and view all the answers

    What would be of GREATEST concern to an IS auditor reviewing the feasibility study for a new application system?

    <p>Unclear system operating conditions</p> Signup and view all the answers

    Which of the following poses the GREATEST risk to an organization related to system interfaces?

    <p>Notifications of data transfers not retained</p> Signup and view all the answers

    What should an IS auditor primarily focus on while reviewing controls related to network monitoring?

    <p>Analyzing network traffic patterns for anomalies</p> Signup and view all the answers

    When conducting a follow-up audit, what should an IS auditor prioritize in terms of assessing sequential order numbering generation?

    <p>Reviewing system settings for sequential number generation</p> Signup and view all the answers

    More Like This

    IT Strategic Planning Quiz
    16 questions

    IT Strategic Planning Quiz

    EncouragingSousaphone avatar
    EncouragingSousaphone
    Strategic Information Management
    10 questions

    Strategic Information Management

    HeavenlyNovaculite2768 avatar
    HeavenlyNovaculite2768
    IT Strategic Planning Overview
    18 questions
    Use Quizgecko on...
    Browser
    Browser