READ Free Dumps For Isaca- CISA
| Question ID 22451 | Which of the following is the MOST important IS audit consideration when an organization outsources a customer credit review system to a third-party service
provider? The provider:
|
| Option A | meets or exceeds industry security standards.
|
| Option B | agrees to be subject to external security reviews.
|
| Option C | has a good market reputation for service and experience.
|
| Option D | complies with security policies of the organization.
|
| Correct Answer | B |
Explanation It is critical that an independent security review of an outsourcing vendor be obtained because customer credit information will be kept there. Compliance with security standards or organization policies is important, but there is no way to verify orprove that that is the case without an independent review. Though long experience in business and good reputation is an important factor to assess service quality, the business cannot outsource to a provider whose security control is weak.
| Question ID 22452 | The risks associated with electronic evidence gathering would MOST likely be reduced by an e- mail:
|
| Option A | destruction policy.
|
| Option B | security policy.
|
| Option C | archive policy.
|
| Option D | audit policy.
|
| Correct Answer | C |
Explanation With a policy of well-archived e-mail records, access to or retrieval of specific e-mail records is possible without disclosing other confidential e-mail records. Security and/or audit policies would not address the efficiency of record retrieval, and destroying e-mails may be an illegal act.