It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a
number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and
external audits.
What component of the audit trail is the most important for an external auditor?
What needs to be decided prior to considering the treatment of risks?
When should information security controls be considered?
In a company the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud is better feasible in the future. The security architect is asked to make a first draft of the security
architecture.
Which elements should the security architect draft?
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?