An IS auditor is tasked to review the adequacy of an organization's technology recovery strategy. Which of the following factors would the auditor PRIMARILY review?
A. Recovery time objective (RTO)
B. Business impact analysis (BIA)
C. Ability to recover from severe disaster
D. Recovery point objective (RPO)
When preparing a business case to support the need for an electronic data warehouse solution, which of the following choices is the MOST important to assist management in the decision-making process?
A. Discuss a single solution.
B. Consider security controls.
C. Demonstrate feasibility.
D. Consult the audit department.
During a postimplementation review of a firewall upgrade project, an IS auditor discovered that several ports were left open that were not required for business purposes. It was determined that the ports were opened for a test server that was no longer being used. What is the BEST control to recommend so that this situation will not recur?
A. Firewall rule changes should happen only if the changes are properly documented.
B. Test servers should never be connected via the production firewall.
C. IT management should engage a third party to review the firewall rules and to conduct a penetration test on a quarterly basis.
D. The security administrator should perform periodic reviews to validate firewall rules.