During an information security audit of a mid-sized organization, an IS auditor notes that the organization's information security policy is not sufficient. What is the auditor's BEST recommendation for the organization?

QuestionsCategory: CISADuring an information security audit of a mid-sized organization, an IS auditor notes that the organization's information security policy is not sufficient. What is the auditor's BEST recommendation for the organization?
Admin Staff asked 5 months ago
During an information security audit of a mid-sized organization, an IS auditor notes that the organization's information security policy is not sufficient. What is the auditor's BEST recommendation for the organization?

A. Obtain an external consultant's support to rewrite the policy.

B. Identify and close gaps compared to a best-practice framework.

C. Perform a benchmark with competitors’ policies.

D. Define roles and responsibilities for regularly updating the policy.








 

Suggested Answer: B

Community Answer: B



This question is in CISA Certified Information Systems Auditor Exam
For getting Certified Information Systems Auditor (CISA) Certificate










Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA. 
Trademarks, certification & product names are used for reference only and belong to ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.

Next Post

Recommended

Welcome Back!

Login to your account below

Create New Account!

Fill the forms below to register

Retrieve your password

Please enter your username or email address to reset your password.