CISA Certified Information Systems Auditor – Question3047

Which of the following should an IS auditor expect to find when reviewing IT security policy?

A.
Assigned responsibility for safeguarding company assets
B. A risk-based classification of systems
C. An inventory of information assets
D. Virus protection implementation strategies

Correct Answer: A