CISA Certified Information Systems Auditor – Question0819

Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?

A.
Gap analysis
B. Risk assessment
C. Business impact analysis (BIA)
D. Penetration testing

Correct Answer: A