|
|
เตรียมตัวสอบ CISA
| Area 02 : Question 04 ( C1 - 4 ) |
|
3
4
|
Question : The initial step in establishing an information security program is the :
| A) |
development and implementation of an information security standards manual. |
| |
| B) |
performance of a comprehensive security control review by the IS auditor. |
| |
| C) |
adoption of a corporate information security policy statement. |
| |
| D) |
purchase of security access control software. |
| Question |
| |
( ) |
|
| |
| Choice : A |
| |
| Choice : B |
| |
| Choice : C |
| |
| Choice : D |
The Correct Answer is :
C. adoption of a corporate information security policy statement.
Explanation :
A policy statement reflects the intent and support provided by executive management for proper security, and establishes a starting point for developing the security program.
|
