Question

When reviewing the development of information security policies, the PRIMARY focus of an IS auditor should be on

a). Assuring that these Are aligned with globally accepted industry good practices.
b). Are approved by the board of directors and senior management.
c). Strike a balance between business and security requirements.
d). Provide direction for implementing security procedures.

Answer 1

The primary focus of an IS auditor when reviewing the development of information security policies should be on assuring alignment with industry good practices, striking a balance between business and security requirements, and providing direction for implementing security procedures.

Step-by-step explanation:

The PRIMARY focus of an IS auditor when reviewing the development of information security policies should be on

1. Assuring that these are aligned with globally accepted industry good practices: IS auditors should ensure that the policies are in line with industry standards and best practices to enhance the organization's security posture.
2. Striking a balance between business and security requirements: IS auditors should ensure that the policies meet both the organization's operational needs and security requirements.
3. Providing direction for implementing security procedures: IS auditors should ensure that the policies provide clear guidance and instructions for implementing security measures and procedures.

By focusing on these aspects, IS auditors can contribute to the development of effective and comprehensive information security policies for an organization.