Question 59 - Cybersecurity Audit discussion


Which of the following should an IS auditor do FIRST to ensure cyber security-related legal and regulatory requirements are followed by an organization?

A. Determine if the cybersecurity program is mapped to relevant legal and regulatory requirements.
B. Review the most recent legal and regulatory audit report conducted by an independent party.
C. Determine if there is a formal process to review changes in legal and regulatory requirements.
D. Obtain a list of relevant legal and regulatory requirements.

Suggested answer: A

Explanation:

The FIRST thing an IS auditor should do to ensure that cybersecurity-related legal and regulatory requirements are followed by an organization is to determine if the cybersecurity program is mapped to the relevant legal and regulatory requirements. Such a mapping shows whether the organization has identified and addressed all applicable laws and regulations that affect its cybersecurity posture (data protection, privacy, breach notification, and so on). It also gives the auditor a basis for evaluating how well the organization's cybersecurity policies, procedures, controls, and practices align and comply with those requirements. The other options are not the first step; they follow once the mapping has been assessed: reviewing the most recent legal and regulatory audit report (B), determining if there is a formal process to review changes in legal and regulatory requirements (C), or obtaining a list of relevant legal and regulatory requirements (D).

asked 18/09/2024
Ian Lloyd