CISA Certified Information Systems Auditor – Question0574

Which of the following should be the PRIMARY basis for planning and prioritizing IT infrastructure security audits?

A.
Asset value to the organization
B. Management requests
C. The organization’s risk appetite
D. Security best practice

Correct Answer: A