CIS 349 Information Technology Audit and Control (CIS 349)

CIS 349 Week 1 Worksheet 1: Intro to the NIST SP 800-53A Assessing the Security Controls in Federal Information Systems and Organizations Course Learning Outcome(s) Describe the components and basic requirements for creating an audit plan to support business and system considerations. Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance.

CIS 349 Midterm Exam 1. This is an assessment method that attempts to bypass controls and gain access to a specific system by simulating the actions of a would-be attacker. 2. ________ seeks to better run an organization using complete and accurate information and management processes or controls. 3. What term is given to the practice of mitigating risks through controls? 4. What is the Public Company Accounting Oversight Board (PCAOB)? 5. What is the name of the process, based on Departmen...

CIS 349 Final Exam 1. Many organizations use a RACI matrix to document tasks and the personnel responsible for the assignments. RACI stands for ___________, ___________, consulted, and informed. 2. Regarding user security clearances, in addition to possessing a clearance level that matches or exceeds the classification label of an object, a subject must have the ___________ for the object as well. 3. Company A has a project plan for a new product under development. The product will be one of ...