The **CISA** (Certified Information Systems Auditor, issued by ISACA) is the reference certification for information systems auditing, control, and security professionals. It validates your ability to audit, control, monitor, and assess an organization's information technology and business systems.
Answer: To evaluate whether information assets are adequately protected and whether the organization's objectives are being met effectively and efficiently.
The audit verifies that the controls in place preserve the confidentiality, integrity, and availability of data.
Answer: Inherent risk is the risk that exists before any controls are applied, while residual risk is what remains after controls have been implemented.
The auditor must confirm that the residual risk is within the tolerance level (risk appetite) accepted by management.
Answer: An evaluation conducted after a new system has been deployed to verify whether it meets the objectives set at project initiation.
A PIR captures lessons learned and confirms that the expected benefits have actually been realized.
Answer: To enable the organization to continue functioning in the event of a major disaster.
The BCP identifies the critical business processes and the resources needed to maintain a minimum acceptable level of service.
Answer: The principle of least privilege: each account is granted only the access required for its task.
This reduces the attack surface and limits the damage an attacker can do if an account is compromised.
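An auditor rarely checks least privilege by reading policy; the practical test is to compare what each account is granted against what it has actually exercised, and to flag unused high-risk rights. The following is an added example (not from the original page or from ISACA material) of that review. The role grants, the access log, and the `HIGH_RISK` set are all constructed sample data; real inputs would come from an IAM export and an audit log.

```python
# Added example: a least-privilege review that compares granted permissions
# against permissions actually used in an audit log. All data is constructed.
from collections import defaultdict

# Constructed grants: permissions assigned to each account (the "blast radius"
# if that account is compromised).
GRANTS = {
    "svc-backup":   {"storage:read", "storage:write", "db:read", "db:admin", "iam:assign"},
    "svc-reports":  {"db:read", "storage:read"},
    "analyst-jdoe": {"db:read", "db:write", "db:admin"},
}

# Constructed audit log: (account, permission exercised, observation day).
ACCESS_LOG = [
    ("svc-backup", "storage:read", 1), ("svc-backup", "storage:write", 1),
    ("svc-backup", "db:read", 2),      ("svc-backup", "storage:write", 3),
    ("svc-reports", "db:read", 1),     ("svc-reports", "storage:read", 2),
    ("analyst-jdoe", "db:read", 1),    ("analyst-jdoe", "db:read", 4),
]

# Constructed list of permissions whose misuse is hard to contain.
HIGH_RISK = {"db:admin", "iam:assign"}


def used_permissions(log):
    """Collapse the log into the set of permissions each account actually exercised."""
    used = defaultdict(set)
    for account, perm, _day in log:
        used[account].add(perm)
    return used


def least_privilege_review(grants, log):
    """For each account, list granted-but-unused permissions.

    An account is over-privileged if it holds any permission the log never
    shows it using; unused high-risk permissions are called out separately
    because they enlarge the damage of a compromise without serving any task.
    """
    used = used_permissions(log)
    findings = {}
    for account, granted in grants.items():
        unused = granted - used.get(account, set())
        findings[account] = {
            "unused": sorted(unused),
            "high_risk_unused": sorted(unused & HIGH_RISK),
            "over_privileged": bool(unused),
        }
    return findings


def blast_radius(grants, account):
    """Everything a compromised account could touch: its full grant set, not what it uses."""
    return sorted(grants.get(account, set()))


def authorize(grants, account, perm):
    """Enforcement side: deny anything outside the explicit grant (default deny)."""
    return perm in grants.get(account, set())


if __name__ == "__main__":
    for account, finding in least_privilege_review(GRANTS, ACCESS_LOG).items():
        status = "OVER-PRIVILEGED" if finding["over_privileged"] else "ok"
        print(f"{account:13} {status:16} unused={finding['unused']} "
              f"high_risk_unused={finding['high_risk_unused']}")
    # Removing the unused high-risk grants shrinks what a stolen credential can reach.
    print("blast radius of svc-backup:", blast_radius(GRANTS, "svc-backup"))
```

The review is only as good as the observation window: a permission that is unused for 30 days may still be needed for a quarterly job, so findings are inputs to a conversation with the system owner rather than automatic revocations. The `authorize` function shows the enforcement half of the principle: access is denied unless explicitly granted.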