EC-Council
312-50V9 · Question #253
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
The correct answer is A. Identify and evaluate existing practices. The auditor should first evaluated existing policies and practices to identify problem areas and
Introduction to Ethical Hacking
Question
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
Options
- AIdentify and evaluate existing practices
- BCreate a procedures document
- CConduct compliance testing
- DTerminate the audit
How the community answered
(28 responses)- A75% (21)
- B4% (1)
- C14% (4)
- D7% (2)
Explanation
The auditor should first evaluated existing policies and practices to identify problem areas and
Topics
#security audit#IS auditing#undocumented procedures#compliance assessment
Community Discussion
No community discussion yet for this question.