CISA Certified Information Systems Auditor – Question 2771

Which of the following is the BEST information source for management to use as an aid in the identification of assets that are subject to laws and regulations?

A. Security incident summaries
B. Vendor best practices
C. CERT coordination center
D. Significant contracts

Correct Answer: D

Explanation:
Contractual requirements are one of the sources that should be consulted to identify the requirements for the management of information assets. Vendor best practices provide a basis for evaluating how competitive an enterprise is, while security incident summaries are a source for assessing the vulnerabilities associated with the IT infrastructure. CERT (www.cert.org) is an information source for assessing vulnerabilities within the IT infrastructure.