Isaca Updated CISA Exam Questions and Answers by zadie

The most important consideration for an IS auditor when assessing the adequacy of an organization’s information security policy is the business objectives. An information security policy is a document that defines the organization’s approach to protecting its information assets from internal and external threats. It should align with the organization’s mission, vision, values, and goals, and support its business processes and functions1. An informationsecurity policy should also be focused on the business needs and requirements of the organization, rather than on technical details orspecific solutions2.

The other options are not as important as the business objectives, because they do not directly reflect the organization’s purpose and direction. IT steering committee minutes are records of the discussions and decisions made by a group of senior executives who oversee the IT strategy and governance of the organization. They may provide some insights into the information security policy, but they are not sufficientto evaluate its adequacy3. Alignment with the IT tactical plan is a measure of how well the information security policy supports the short-term actions and projects that implement the IT strategy. However, the IT tactical plan itself shouldbe aligned with the business objectives, and not vice versa4. Compliance with industry best practice is a desirable quality of an information security policy, but it is not a guarantee of its effectiveness or suitability for the organization. Industry best practices are general guidelines or recommendations that may not apply to every organization or situation. An information security policy should be customized and tailored to the specific context and needs of the organization. References:

The 12 Elements of an Information Security Policy | Exabeam1

11 Key Elements of an Information Security Policy | Egnyte2

What is an IT steering committee? Definition, roles and responsibilities …3

What is IT Strategy? Definition, Components and Best Practices | BMC …4

IT Security Policy: Key Components and Best Practices for Every Business 

The best testing approach to facilitate rapid identification of application interface errors is automated testing. Automated testing is the use of software tools or scripts to execute predefined test cases, compare expected and actual outcomes, and report any discrepancies. Automated testing can help to speed up the testing process, increase test coverage, reduce human errors, and improve test accuracy and consistency. Automated testing can also help to detect interface errors that may occur due to incompatible data formats, communication protocols, or system configurations. References:

CISA Review Manual (Digital Version), Chapter 3, Section 3.3.11

CISA OnlineReview Course, Domain 2, Module 2, Lesson 1