QUESTION 11

Risk management is relevant when you consider the potential financial damage that can be caused by ransomware but insider threats are not really considered a risk in business.

True

False

QUESTION 12

Espionage is not really a consideration in IT auditing and the controls built in applications significantly eliminate any related risks.

True

False

QUESTION 13

Evaluate controls regarding the application's data retention, evaluate the controls regarding data classification within the application, and evaluate overall user involvement and support for the application are typical user involvment steps in the data retention section of the IT audit.

True

False