On a monthly basis, internal auditors review an organization's information security policy over a specific group of physical computer assets. The review is an example of a(n):

Question

Quizplus · Accepted Answer

The review of an organization's information security policy falls under administrative security controls as it involves policies, procedures, and guidelines for managing and protecting information assets. Physical security controls would involve securing physical access to the computer assets, while technical security controls would involve the implementation of technical solutions such as firewalls, anti-virus software, etc. Sarbanes-Oxley security controls are a set of regulations related to financial reporting and do not directly pertain to information security.

On a Monthly Basis, Internal Auditors Review an Organization's Information