Exam CISA topic 1 question 527 discussion

Actual exam question from Isaca's CISA
Question #: 527
Topic #: 1

Which of the following is the BEST way for an IS auditor to determine how well an information security program has been implemented throughout the organization?

  • A. Evaluate the percentage of employees who have taken security awareness training.
  • B. Review security awareness training content for completeness.
  • C. Perform security risk assessments for the organization's business units.
  • D. Evaluate the integration of security best practices into business workflow.
Suggested Answer: D

Comments

EBTURK
Highly Voted 1 year, 1 month ago
Selected Answer: C
The best way for an IS auditor to determine how well an information security program has been implemented throughout the organization is to perform security risk assessments for the organization’s business units.
upvoted 6 times
...
1Naa
Most Recent 2 weeks, 2 days ago
Selected Answer: D
C will identify specific vulnerabilities and risks but does not assess the overall implementation of the security program like D.
upvoted 1 times
...
Swallows
4 weeks ago
Selected Answer: D
While evaluating the percentage of employees who have taken security awareness training (Option A) can provide some insight into the level of awareness within the organization, it does not necessarily reflect the effectiveness of the security program's implementation. On the other hand, evaluating the integration of security best practices into business workflow (Option D) provides a more comprehensive assessment of how well the security program has been integrated into everyday operations. This approach examines whether security measures are effectively applied in the organization's processes, procedures, and systems, indicating a more robust implementation of the security program.
upvoted 3 times
...
fori12
3 months ago
Selected Answer: C
Perform security risk assessments.
upvoted 1 times
...
Sibsankar
3 months, 3 weeks ago
D is correct
upvoted 3 times
...
KAP2HURUF
4 months ago
Selected Answer: D
C. Perform security risk assessments for the organization's business units: This is a valuable practice, but it focuses on identifying potential vulnerabilities, not necessarily the effectiveness of the implemented program in mitigating those risks.
upvoted 4 times
...
shiowbah
7 months, 3 weeks ago
D. Evaluate the integration of security best practices into business workflow.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other