CISA Certified Information Systems Auditor – Question2771
Which of the following is the BEST information source for management to use as an aid in the identification of assets that are subject to laws and regulations? A. Security incident summaries B. Vendor best practices C. CERT coordination center D. Significant contracts
Correct Answer: D
Explanation:
Explanation:
Contractual requirements are one of the sources that should be consulted to identify the requirements for the management of information assets. Vendor best practices provides a basis for evaluating how competitive an enterprise is, while security incident summaries are a source for assessing the vulnerabilities associated with the IT infrastructure. CERT (www.cert.org) is an information source for assessing vulnerabilities within the IT infrastructure.
Please disable your adblocker or whitelist this site!