CHAPTER
9
9
DRAFTING
OF IS SECURITY POLICY,
OF IS SECURITY POLICY,
AUDIT
POLICY, IS AUDIT REPORTING –
POLICY, IS AUDIT REPORTING –
A
PRACTICAL PERSPECTIVE
PRACTICAL PERSPECTIVE
Scan
of Past Exam Questions:
of Past Exam Questions:
Year | Marks | Questions | Answers in ICAI-ISCA Study Material Page No: |
N 08 | 5 | 4(b) Discuss various types of Information Security Policies and their hierarchy | 9.8 |
N 08 | 5 | 4(c) State and briefly explain the contents of a Standard Information System Audit Report | 9.21, 9.22 |
J 09 | 5 | 5(b) The Information Security Policy of an organization has been defined and documented as given below: “Our organization is committed to ensure Information Security through established goals and principles. Responsibilities for implementing every aspect of specific applicable proprietary and general principles, standards and compliance requirements have been defined. This is reviewed at least once a year for continued suitability with regard to cost and technological changes.” Identify the salient components that have not been covered in the above policy. | 9.7 |
J 09 | 10 | 6(a) What purpose the information system audit policy will serve? Briefly describe the scope of Information System Audit | 9.15, 9.16 |
N 09 | 5 | 2(c) Discuss ‘Physical and Environmental Security with Control and Objectives’ with respect to Information Security Policy? | 9.14 |
N 09 | 10 | 4(a) You have been asked to conduct an IS Audit for a Bank. (i) How will you develop a documented audit program? (ii) What kind of working papers and documentation you will prepare? | 9.18, 9.19 |
N 09 | 5 | 4(b) Explain the basic types of Information Protection that an Organisation can use? | 9.6 |
1 comment:
Thanks for sharing the Scan
of Past Exam Questions of Drafting of IS Security Policy, Audit Policy, IS Audit Reporting. Will surely prepare those as these seem most important.Keep up this work as it helps a lot.
Post a Comment