CISA Certified Information Systems Auditor – Question2743
In an organization where an IT security baseline has been defined, an IS auditor should FIRST ensure: A. implementation. B. compliance. C. documentation. D. sufficiency.
Correct Answer: D
Explanation:
Explanation:
An IS auditor should first evaluate the definition of the minimum baseline level by ensuring the sufficiency of controls. Documentation, implementation and compliance are further steps.
Please disable your adblocker or whitelist this site!