CRISC Certified in Risk and Information Systems Control – Question 138
Which of the following IS processes provide indirect information? Each correct answer represents a complete solution. Choose three.
A. Post-implementation reviews of program changes
B. Security log monitoring
C. Problem management
D. Recovery testing
Correct Answer: ABC
Explanation:
Security log monitoring, post-implementation reviews of program changes, and problem management provide indirect information. Security log monitoring provides indirect information about certain controls in the security environment, particularly when used to analyze the source of failed access attempts.
Post-implementation reviews of program changes provide indirect information about the effectiveness of internal controls over the development process.
Problem management provides indirect information about the effectiveness of several different IS processes that may ultimately be determined to be the source of incidents.
Incorrect Answers:
D: Recovery testing is direct evidence that the redundancy or backup controls work effectively. It doesn't provide any indirect information.