CISA Certified Information Systems Auditor – Question1780

Security should ALWAYS be an all or nothing issue.

A.
True
B. True for trusted systems only
C. True for untrusted systems only
D. False
E. None of the choices.

Correct Answer: D

Explanation:

Explanation:
Security should not be an all or nothing issue. The designers and operators of systems should assume that security breaches are inevitable in the long term. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined.