Is not listed in the approved software standards document is correct. The installation of
software that is not allowed by policy is a serious violation and could put the organization at
security, legal and financial risk. Any software that is allowed should be part of a standard
software list. This is the first thing to review because this would also indicate compliance with
policies.
Was installed, but not documented in the IT department records is incorrect. All software,
including licenses, should be documented in IT department records, but this is not as serious
as the violation of policy in installing unapproved software.
Was being used by users not properly trained in its use is incorrect. Discovering that users
, have not been formally trained in the use of a software product is common, and while not
ideal, most software includes help files and other tips that can assist in learning how to use
the software effectively.
License will expire in the next 15 days is incorrect. A software license that is about to expire is
not a risk if there is a process in place to renew it.
When reviewing the desktop software compliance of an organization, the IS
auditor should be MOST concerned if the installed software:
a) was installed, but not documented in the IT department records.
b) was being used by users not properly trained in its use.
c) is not listed in the approved software standards document.
d) license will expire in the next 15 days.
Recovery point objective (RPO) is correct. This is determined based on the acceptable data
loss in case of a disruption of operations. It indicates the earliest point in time that is
acceptable to recover the data. The RPO effectively quantifies the permissible amount of
data loss in case of interruption. The media creation date will reflect the point to which data
are to be restored or the RPO.
Recovery time objective is incorrect. This is the amount of time allowed for the recovery of a
business function or resource after a disaster occurs.
Service delivery objective is in correct. This is directly related to the business needs and is the
level of service to be reached during the alternate process mode until the normal situation is
restored.
Maximum tolerable outage is incorrect. This is the maximum time that an organization can
support processing in alternate mode.
After a disaster declaration, the media creation date at a warm recovery site is
based on the:
a) recovery point objective.
b) recovery time objective.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller codersimon. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $8.00. You're not tied to anything after your purchase.