Question 1040 - CISA discussion

Which of the following responses to risk associated with segregation of duties would incur the LOWEST initial cost?

A. Risk acceptance
B. Risk mitigation
C. Risk transference
D. Risk reduction

Suggested answer: A

Explanation:

Segregation of duties is a fundamental concept in cybersecurity and information security. It refers to the practice of dividing critical tasks and responsibilities among different individuals or roles within an organization to reduce the risk of fraud, error, or unauthorized activities [1]. Segregation of duties is designed to prevent unilateral actions within an organization's workflow, which can result in damaging events that would exceed the organization's risk tolerance [2].

There are different types of responses to risk associated with segregation of duties, depending on the level of risk and the cost-benefit analysis. Some of the common responses are:

Risk acceptance: This means acknowledging a risk and deciding to tolerate it without taking any corrective actions. This response is usually chosen when the risk is low or the cost of mitigation is too high [3].

Risk mitigation: This means taking steps ahead of time to lessen the effects of a risk and make it less likely to happen. Some examples of mitigation strategies are making backup plans, setting up early warning systems, and staying away from high-risk areas or activities [4].

Risk transference: This means shifting the negative impact of a risk and/or the responsibility for managing the risk response to a third party. Some examples of transference strategies are outsourcing, insurance, or contracts [5].

Risk reduction: This means reducing the probability and/or severity of the risk below a threshold of acceptability. Some examples of reduction strategies are implementing controls, policies, or procedures to prevent or detect risks [6].

Based on these definitions, the response to risk associated with segregation of duties that would incur the lowest initial cost is A. Risk acceptance. This is because risk acceptance does not require any additional resources or actions to address the risk. However, risk acceptance also implies that the organization is willing to bear the consequences of the risk if it occurs, which could be costly in the long run.

Therefore, the correct answer to your question is A. Risk acceptance.

asked 18/09/2024
Francesco Gallo