Exam CISA topic 1 question 430 discussion

Actual exam question from Isaca's CISA
Question #: 430
Topic #: 1

Which of the following should be of GREATEST concern to an IS auditor performing a review of information security controls?

  • A. The information security policy does not include mobile device provisions.
  • B. The information security policy is not frequently reviewed.
  • C. The information security policy has not been approved by the chief audit executive (CAE).
  • D. The information security policy has not been approved by the policy owner.
Suggested Answer: D

Comments

roxannebadenhorst
2 months, 1 week ago
Selected Answer: A
The greatest concern for an IS auditor when reviewing information security controls would be the absence of mobile device provisions in the information security policy, especially in today’s increasingly mobile and remote work environments. Here’s why:
  • Mobile device risks: Mobile devices, such as smartphones, tablets, and laptops, represent significant security risks because they are more susceptible to being lost, stolen, or hacked. These devices can access sensitive company data and, if not properly secured, can introduce vulnerabilities. Having provisions for managing the security of mobile devices is crucial to maintaining the integrity of an organization’s information security framework.
  • Security control gaps: If the policy does not address mobile devices, it could create a significant gap in the organization's security posture, leaving critical data exposed. This omission could lead to breaches, unauthorized access, or data loss.
upvoted 1 times
Swallows
8 months ago
Selected Answer: D
While the frequency of reviewing the information security policy (option B) is important for ensuring its relevance and alignment with evolving threats and organizational changes, it is secondary to the fundamental issue of having the policy approved by the appropriate authority (option D).
upvoted 1 times
a84n
10 months, 1 week ago
Selected Answer: D
Answer D. It's important for the IS auditor to ensure that the information security policy has been approved by the appropriate senior management authority, whoever that may be in the organization.
upvoted 1 times
Eric0223
2 years, 1 month ago
I would take C if this role indeed existed in the org. Policy owner equals CAE.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other