A business has requested an audit to determine whether information stored in an application is adequately protected. Which of the following is the MOST important action before the audit work begins?
A business has requested an audit to determine whether information stored in an application is adequately protected. Which of the following is the MOST important action before the audit work begins?
Before beginning an audit to determine whether information stored in an application is adequately protected, it is most important to establish control objectives. Control objectives provide a clear set of goals and benchmarks against which the security of the application can be measured. This helps ensure that the audit is focused, efficient, and aligned with the business's compliance and security requirements. Without established control objectives, the audit could lack direction and miss critical areas of assessment.
I think that A is a more proper answer.
A is the right answer
Answer A. Assess the threat landscape.
Identifying control objectives provides a focus for the audit and sets a standard for properly assessing the state of information protection. While assessing the threat landscape is important, establishing the audit objectives should take priority.