What should the IS auditor ensure first? In an organization where an - ProProfs Discuss
Cancel
TopicsDown
Products Down
Follow Us:
FacebookTwitter
Advertisement

What should the IS auditor ensure first?
In an organization where an IT security baseline has been defined



A. implementation.
B. compliance.
C. documentation.
D. sufficiency.

This question is part of CISA-Mock Test - Domain 2 (100 Questions)
Asked by Hemangdoshi, Last updated: Sep 15, 2020

+ Answer
Request
Question menu
Vote up Vote down

2 Answers

L. Sevigny

L. Sevigny

L. Sevigny
L. Sevigny, Doctor, Las Vegas

Answered Sep 26, 2018

If an organization already has its IT security baseline defined you need to see if it is sufficient for the level of data present. You need to check its sufficiency. The auditor should evaluate the minimum baseline security that is required by the IT business. He should include the level of controls and the data in the estimate.

Once he has a value that is sufficient for the level of controls present he can then figure out if the present IT security baseline is up to the mark. After that he needs to document, implement and check the compliance to make sure that everything is in order.

upvote downvote
Reply 

hemangdoshi99

hemangdoshi

hemangdoshi99
Hemangdoshi

Answered Jun 21, 2018

D. sufficiency.

Explanation: The auditor should first evaluate the definition of the minimum baseline level by ensuring the sufficiency of controls. Documentation, implementation and compliance are further steps.
upvote downvote
Reply 

Advertisement
Advertisement
Search for Google images Google Image Icon
Select a recommended image
Upload from your computer Loader
Image Preview
Search for Google images Google Image Icon
Select a recommended image
Upload from your computer Loader
Image Preview
Search for Google images Google Image Icon
Select a recommended image
Upload from your computer Loader

Email Sent
We have sent an email to your address "" with instructions to reset your password.