Suggested Answer:B🗳️
Following are the phases that are involved in Information system monitoring and maintenance: ✑ Prioritize risk: The first phase involves the prioritization of risk which in turn involves following task: - Analyze and prioritize risks to organizational objectives. - Identify the necessary application components and flow of information through the system. - Examine and understand the functionality of the application by reviewing the application system documentation and interviewing appropriate personnel. ✑ Identify controls: After prioritizing risk now the controls are identified, and this involves following tasks: - Key controls are identified across the internal control system that addresses the prioritized risk. - Applications control strength is identified. - Impact of the control weaknesses is being evaluated. - Testing strategy is developed by analyzing the accumulated information. ✑ Identify information: Now the IS control information should be identified: - Identify information that will persuasively indicate the operating effectiveness of the internal control system. - Observe and test user performing procedures. ✑ Implement monitoring: Develop and implement cost-effective procedures to evaluate the persuasive information. ✑ Report results: After implementing monitoring process the results are being reported to relevant stakeholders. Incorrect Answers: A, C, D: These all phases occur in IS monitoring and maintenance process after prioritizing risks.
The correct answer is:
D. Identifying controls
Identifying controls is the initial phase in the Information Systems (IS) monitoring and maintenance process. This phase involves determining which controls need to be in place to protect information systems and ensure their integrity, confidentiality, and availability. Once controls are identified, they can be monitored and maintained effectively.
The correct answer is D. Identifying controls.
IS monitoring and maintenance is an ongoing process that involves identifying, assessing, and mitigating risks to the organization's information systems. The first step in this process is to identify the controls that are currently in place to protect the organization's information systems. This includes identifying both technical and organizational controls.
Once the current controls have been identified, they need to be assessed to determine their effectiveness in mitigating risks. This will involve evaluating the likelihood and impact of potential threats and vulnerabilities, as well as the effectiveness of the controls in preventing or detecting these threats and vulnerabilities.
The results of the risk assessment will be used to prioritize risks and to identify the controls that need to be strengthened or implemented. The organization will then implement the necessary controls to mitigate the risks to an acceptable level.
Prioritizing risks should be part of the risk assessment process, not in the monitoring process.
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Joloms
1 month, 1 week agoAbbey2
6 months, 1 week agoKennethlim79
7 months, 2 weeks agoFZ88
2 years, 5 months agokingsmann
3 years, 3 months ago