An organization has outsourced some of its subprocesses to a service provider. When scoping the audit of the provider, the organization's internal auditor should FIRST:
An organization was severely impacted after an advanced persistent threat (APT) attack. Afterwards, it was found that the initial breach happened a month prior to the attack. Management's GREATEST concern should be:
Software quality assurance (QA) reviews are planned as part of system development. At which stage in the development process should the first review be initiated?
An organization has made a strategic decision to split into separate operating entities to improve profitability. However, the IT infrastructure remains shared between the entities. Which of the following would BEST help to ensure that IS audit still covers key risk areas within the IT environment as part of its annual plan?
An IS auditor determines that an online retailer processing credit card information does not have a data classification process. The auditor's NEXT step should be to:
An IS auditor is reviewing an organizations network vulnerability scan results. Which of the following processes would the scan results MOST likely feed into?
A core business unit relies on an effective legacy system that does not meet the current standards and threatens the enterprise network. Which of the following is the BEST course of action to address the situation?
A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server. Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
Which of the following would be the MOST important information to include in a business case for an information security project in a highly regulated industry?