Feedback On The Self-Test - Ais 5131 Chapter 1 Part B
ANS: D
RATIONALE: A is incorrect because it’s the other way around. Information security
governance ensures information security risk is appropriately managed and enterprise
information resources are used responsibly. B is incorrect because information security
governance ensures achievement of objectives. C is incorrect because information
security governance provides strategic direction, not operational and tactical direction.
ANS: B
3. The term CIA, one of the specific drivers of Information Security Governance, refers
to
a) completeness, increased productivity, accuracy
b) confidentiality, integrity, availability
c) corporate integrity agreement
d) certified internal auditor
ANS: B
4. The members of senior management who approve security policies should come from
varied operations and staff functions within the enterprise to ensure the fair
representation of the enterprise as a whole and to encourage any potential leaning
toward a specific business priority or technology overhead or security concerns.
a) True
b) False
ANS: B
RATIONALE: The statement is incorrect. The first part of the statement is correct: the
members of senior management who approve security policies should come from
different functional units and be well represented to ensure fairness for the whole
enterprise. The second part is incorrect: including members from various departments
in the committee or group that approves the security policies helps reduce, not
encourage, leaning toward a specific priority or concern.
ANS: A
ANS: B
8. In developing strategic plans (which is generally five to ten years) enterprises should
ensure that the plans are fully aligned and consistent with the overall organizational
goals and objectives.
a) True
b) False
ANS: B
RATIONALE: The statement is incorrect. Strategic plans generally range from three to
five years.
ANS: D
ANS: B
RATIONALE: A is incorrect since IS auditors should pay full attention to the importance
of IS strategic planning, taking management control practices into consideration. C is
incorrect since IS auditors should consider how the CIO or senior IT management is
involved in the creation of the overall business strategy because a lack of involvement
of IT in the creation of the business strategy indicates that there is a risk that the IT
strategy and plans will not be aligned with the business strategy.