CISA—Certified Information Systems Auditor - Part 123

1. Right Answer: C
Explanation: Data Steward or data custodian is responsible for storing and safeguarding the data, and include IS personnel such as system analyst and computer operators.For CISA exam you should know below roles in an organizationData Owners '' These peoples are generally managers and directors responsible for using information for running and controlling the business. Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly review access rule for the data for which they are responsible.Data Custodian or Data Steward '' These people are responsible for storing and safeguarding the data, and include IS personnel such as system analysis and computer operators.Security Administrator -Security administrator is responsible for providing adequate physical and logical security for IS programs, data and equipment.Data Users '' Data users, including internal and external user community, are the actual user of computerized data. Their level of access into the computer should be authorized by data owners, and restricted and monitor by security administrator.The following were incorrect answers:Data Owner- These peoples are generally managers and directors responsible for using information for running and controlling the business.Data Users '' Data users, including internal and external user community, are the actual user of computerized data.Security Administrator - Security administrator is responsible for providing adequate and logical security for IS programs, data and equipment.The following reference(s) were/was used to create this question:CISA review manual 2014 Page number361

2. Right Answer: D
Explanation: Security administrator are responsible for providing adequate physical and logical security for IS programs, data and equipment.For CISA exam you should know below roles in an organizationData Owners '' These peoples are generally managers and directors responsible for using information for running and controlling the business. Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly review access rule for the data for which they are responsible.Data Custodian or Data Steward '' These people are responsible for storing and safeguarding the data, and include IS personnel such as system analysis and computer operators.Security Administrator -Security administrator is responsible for providing adequate physical and logical security for IS programs, data and equipment.Data Users '' Data users, including internal and external user community, are the actual user of computerized data. Their level of access into the computer should be authorized by data owners, and restricted and monitor by security administrator.The following were incorrect answers:Data Owner- These peoples are generally managers and directors responsible for using information for running and controlling the business.Data Users '' Data users, including internal and external user community, are the actual user of computerized data.Data custodian is responsible for storing and safeguarding the data, and include IS personnel such as system analyst and computer operators.The following reference(s) were/was used to create this question:CISA review manual 2014 Page number 361

3. Right Answer: D
Explanation: Security administrator are responsible for providing adequate and logical security for IS programs, data and equipment.For CISA exam you should know below roles in an organizationData Owners '' These peoples are generally managers and directors responsible for using information for running and controlling the business. Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly review access rule for the data for which they are responsible.Data Custodian or Data Steward '' These people are responsible for storing and safeguarding the data, and include IS personnel such as system analysis and computer operators.Security Administrator-Security administrator are responsible for providing adequate physical and logical security for IS programs, data and equipment.Data Users '' Data users, including internal and external user community, are the actual user of computerized data. Their level of access into the computer should be authorized by data owners, and restricted and monitor by security administrator.The following were incorrect answers:Data Owner - These peoples are generally managers and directors responsible for using information for running and controlling the business.Data Users '' Data users, including internal and external user community, are the actual user of computerized data.Data custodian is responsible for storing and safeguarding the data, and include IS personnel such as system analyst and computer operators.The following reference(s) were/was used to create this question:CISA review manual 2014 Page number 361

4. Right Answer: A
Explanation: Data owners are responsible for authorizing access level of a data user. These peoples are generally managers and directors responsible for using information for running and controlling the business. Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly review access rule for the data for which they are responsible.For your exam you should know below roles in an organizationData Owners '' Data Owners are generally managers and directors responsible for using information for running and controlling the business. Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly review access rule for the data for which they are responsible.Data Custodian or Data Steward ''are responsible for storing and safeguarding the data, and include IS personnel such as system analysis and computer operators.Security Administrator -Security administrator is responsible for providing adequate physical and logical security for IS programs, data and equipment.Data Users '' Data users, including internal and external user community, are the actual user of computerized data. Their level of access into the computer should be authorized by data owners, and restricted and monitor by security administrator.The following were incorrect answers:Security Administrator -Security administrator is responsible for providing adequate and logical security for IS programs, data and equipment.Data Users '' Data users, including internal and external user community, are the actual user of computerized data.Data custodian is responsible for storing and safeguarding the data, and include IS personnel such as system analyst and computer operators.The following reference(s) were/was used to create this question:CISA review manual 2014 Page number 361

5. Right Answer: B
Explanation: For CISA exam you should know below information about Terminated Employee AccessTermination of employment can occur in the following circumstances:On the request of the employee (Voluntary resignation from service)Scheduled (On retirement or completion of contract)Involuntary (forced by management in special circumstances)In case of an involuntary termination of employment, the logical and physical access rights of employees to the IT infrastructure should either be withdrawn completely or highly restricted as early as possible, before the employee become aware of termination or its likelihood.This ensures that terminated employees cannot continue to access potentially confidential or damaging information from the IT resources or perform any action that would result in damage of any kind of IT infrastructure, applications and data. Similar procedure in place to terminate access for third parties upon terminating their activities with the organization.When it is necessary for employee to continue to have accesses, such access must be monitored carefully and continuously and should take place with senior management's knowledge and authorization.In case of a voluntary or scheduled termination of employment, it is management's prerogative to decide whether access is restricted or withdrawn. This depends on:The specific circumstances associated with each caseThe sensitivity of employee's access to the IT infrastructure and resourcesThe requirement of the organization's information security policies, standards and procedure.The following were incorrect answers:The other options presented are incorrectly describes about involuntary termination.The following reference(s) were/was used to create this question:CISA review manual 2014 Page number 361 and 362