Isaca CISA Exam - Topic 5 Question 66 Discussion

Actual exam question for Isaca's CISA exam
Question #: 66
Topic #: 5

What should an IS auditor evaluate FIRST when reviewing an organization's response to new privacy legislation?

Suggested Answer: D

According to ISACA's IS Auditing Guideline G14 on Privacy and Data Protection, an IS auditor should first evaluate the organization's ability to identify and assess the systems that contain privacy components, and then review the adequacy of the operational plan for achieving compliance with the legislation.


Contribute your Thoughts:

Iluminada
3 months ago
Other countries' laws could help shape our approach too!
upvoted 0 times
...
Jarvis
3 months ago
Wait, are we sure the legislation is even clear enough?
upvoted 0 times
...
Iesha
3 months ago
But what about analyzing existing systems first?
upvoted 0 times
...
Stephanie
4 months ago
Definitely agree, compliance starts with that!
upvoted 0 times
...
Brianne
4 months ago
I think the implementation plan is key.
upvoted 0 times
...
Dell
4 months ago
I practiced a question similar to this, and I think looking at privacy legislation in other countries could be relevant, but it might not be the top priority.
upvoted 0 times
...
Shaniqua
4 months ago
I feel like analyzing systems with privacy components might be crucial too, but I can't recall if that's the first step.
upvoted 0 times
...
Merlyn
4 months ago
I'm not entirely sure, but I remember something about the importance of understanding the implementation plan for restricting personal information.
upvoted 0 times
...
Tatum
5 months ago
I think the first thing to evaluate should be the operational plan for compliance. It seems like a logical starting point.
upvoted 0 times
...
Ciara
5 months ago
Okay, I've got this. The correct answer is C - the operational plan for achieving compliance with the legislation. That's going to be the foundation for everything else, so it makes sense to start there and then work outward from there.
upvoted 0 times
...
Jina
5 months ago
I've got a good strategy for this. I think the first thing I'd evaluate is the organization's analysis of the systems that contain privacy components. That's going to be crucial for understanding how they're currently handling personal information and where they need to make changes.
upvoted 0 times
...
Luisa
5 months ago
I'm a little confused by this question. Should I be focusing on the internal processes and systems, or looking at the broader legal landscape? I'm not sure if I should start with the operational plan or the analysis of the systems that contain privacy components.
upvoted 0 times
...
Jeanice
5 months ago
Okay, let me think about this. I'm not totally sure, but I feel like the implementation plan for restricting the collection of personal information would be the best place to start. That seems like the core of what the new legislation is addressing.
upvoted 0 times
...
Marvel
5 months ago
Hmm, this is a tricky one. I think I'd start by looking at the organization's operational plan for achieving compliance with the new privacy legislation. That seems like the most logical first step to me.
upvoted 0 times
...
Francine
5 months ago
Okay, I think I've got a good handle on this. The key things to remember are that INTERSECT returns the common rows, and the order and number of columns don't matter. I'll focus on those points in my answer.
upvoted 0 times
...
Bobbie
5 months ago
Hmm, this looks like a tricky time-related question. I'll need to think it through carefully.
upvoted 0 times
...
