CISM Certified Information Security Manager – Question1071 - CISM Certified Information Security Manager

Security audit reviews should PRIMARILY:

A. ensure that controls operate as required.
B. ensure that controls are cost-effective.
C. focus on preventive controls.
D. ensure controls are technologically current.

Correct Answer: A

Explanation:

Explanation:
The primary objective of a security review or audit should be to provide assurance on the adequacy of security controls. Reviews should focus on all forms of control, not just on preventive control. Cost-effectiveness and technological currency are important but not as critical.