EC-Council
312-50V10 · Question #456
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
The correct answer is A. Identify and evaluate existing practices. The auditor should first evaluated existing policies and practices to identify problem areas and
Information Security and Ethical Hacking Fundamentals
Question
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
Options
- AIdentify and evaluate existing practices
- BCreate a procedures document
- CConduct compliance testing
- DTerminate the audit
How the community answered
(27 responses)- A74% (20)
- B15% (4)
- C7% (2)
- D4% (1)
Explanation
The auditor should first evaluated existing policies and practices to identify problem areas and
Topics
#security audit#IS auditor#security procedures#compliance assessment
Community Discussion
No community discussion yet for this question.