During an information security audit of a mid-sized organization, an IS auditor notes that the organization's information security policy is not sufficient. What is the auditor's BEST recommendation for the organization?

Questions › Category: CISA › During an information security audit of a mid-sized organization, an IS auditor notes that the organization's information security policy is not sufficient. What is the auditor's BEST recommendation for the organization?

0 Vote Up Vote Down

Admin Staff asked 5 months ago

During an information security audit of a mid-sized organization, an IS auditor notes that the organization's information security policy is not sufficient. What is the auditor's BEST recommendation for the organization?

A. Obtain an external consultant's support to rewrite the policy.

B. Identify and close gaps compared to a best-practice framework.

C. Perform a benchmark with competitors’ policies.

D. Define roles and responsibilities for regularly updating the policy.








 

Suggested Answer: B

Community Answer: B



This question is in CISA Certified Information Systems Auditor Exam
For getting Certified Information Systems Auditor (CISA) Certificate










Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA. 
Trademarks, certification & product names are used for reference only and belong to ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.

During an information security audit of a mid-sized organization, an IS auditor notes that the organization's information security policy is not sufficient. What is the auditor's BEST recommendation for the organization?

When auditing an organization’s software acquisition process, the BEST way for an IS auditor to understand the software benefits to the organization would be to review the:

Which of the following is the PRIMARY objective of implementing IT governance?

AZ-104 Practice Test Free

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password

During an information security audit of a mid-sized organization, an IS auditor notes that the organization's information security policy is not sufficient. What is the auditor's BEST recommendation for the organization?

When auditing an organization’s software acquisition process, the BEST way for an IS auditor to understand the software benefits to the organization would be to review the:

Which of the following is the PRIMARY objective of implementing IT governance?

AZ-104 Practice Test Free

Related Questions

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password