Which of the following should an IS auditor recommend be performed FIRST?

December 16, 2021 by Admin

The chief information officer (CIO) of an organization is concerned that the information security policies may not be comprehensive. Which of the following should an IS auditor recommend be performed FIRST?

  • Obtain a copy of their competitor’s policies.
  • Determine if there is a process to handle exceptions to the policies.
  • Establish a governance board to track compliance with the policies.
  • Compare the policies against an industry framework.

Leave a Reply