CPE Quiz #82
Based on Information Systems Control Journal Volume 1, 2002
A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit
Capozzi & Singleton Article
1. The authors define four components of good IT governance--stewardship, leadership, people and accountability.
2. Hallmarks of effective board governance functions within Canada are strategic IT skills. The authors cite that a majority of IT governance boards have excellent skills in this key area.
3. The best measurement of the effectiveness of an IT governance board is the ultimate success of the organization.
Doughty Article
4. Business continuity planning (BCP) has repositioned its focus in the last 10 years from disaster recovery and information technology to the recovery of business processes that need to be recovered in the event of a disaster.
5. A recent survey cited by the author identified that most large organizations spend 2 percent of their IT budgets on business continuity planning.
6. The objective of the implementation phase of BCP is to test the implementation plan and ensure it will work as designed.
Bhatia Article
7. The author defines operational risks as those risks that are not detected by an auditor. Examples of operational risks include: failures of people, processes or other adverse external events.
8. Events that could lead to operational risk include fraud and theft, transaction risk and technology error.
9. Operational risk is a central issue to risk measurement, in that the computations of an acceptable level of operational risk require different measures from company to company.
10. Risk mitigation techniques cited by the author include self-assessment, improved internal controls, insurance and outsourcing.
Pollitt Article
11. A first-party insurance program protects the insured should the insured become injured. Examples of first-party insurances are property damage and business interruption insurance.
12. Examples of third-party insurances are errors and omissions insurance, general liability insurance and professional liability insurance.
13. According to the author, development of standardized loss profiles for actuarial risk assessment would help facilitate development of commercial insurance for information security failures.
Musaji Article
14. A component disaster recovery test would most often involve a theoretical, or "desk check" of components of an IT system, such as application or tape recovery.
15. Two main objectives are often associated with a full disaster recovery test: confirming the total elapsed time meets the recovery time objective and providing the opportunity for a briefing session so improvements in future tests can be achieved.
16. The most common barriers to testing a disaster recovery plan are cost and availability of a suitable recovery site.