________ is preferred by U.S. auditors.


Multiple Choice

________ is preferred by U.S. auditors.

Explanation:

COBIT (Control Objectives for Information and Related Technologies, published by ISACA) is the answer. Auditors favor it because it is an IT governance framework that translates business goals into a defined set of IT processes, each with control objectives that can be tested. That structure lets an auditor assess how IT activities support risk management, compliance, and value delivery, and map specific controls to specific IT processes. Because the framework is widely known in the audit community, it also streamlines planning, testing, and assurance reporting.

The other options are narrower or differently aimed. ISO/IEC 27001 specifies requirements for establishing, operating, and maintaining an information security management system (ISMS); it governs security management, not the full range of IT processes. PCI DSS defines security requirements for protecting payment card data in cardholder data environments, not IT governance as a whole. COSO is an enterprise-wide internal control framework oriented mainly toward financial reporting and general controls rather than IT-specific governance. COBIT's IT-centric, auditable structure gives auditors the most direct basis for evaluating and attesting to IT controls across an organization, which is why it is the preferred choice.
