[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.00,0:00:01.90,Default,,0000,0000,0000,,
Dialogue: 0,0:00:01.90,0:00:04.75,Default,,0000,0000,0000,,[AUDIO LOGO]
Dialogue: 0,0:00:04.75,0:00:06.65,Default,,0000,0000,0000,,
Dialogue: 0,0:00:06.65,0:00:07.44,Default,,0000,0000,0000,,Hi all.
Dialogue: 0,0:00:07.44,0:00:10.19,Default,,0000,0000,0000,,Good morning to\Nthe session today.
Dialogue: 0,0:00:10.19,0:00:14.57,Default,,0000,0000,0000,,So this session is basically for\Nthe CISA, certified information
Dialogue: 0,0:00:14.57,0:00:15.54,Default,,0000,0000,0000,,systems auditor.
Dialogue: 0,0:00:15.54,0:00:18.89,Default,,0000,0000,0000,,And we will be discussing\Non the question and answers,
Dialogue: 0,0:00:18.89,0:00:22.37,Default,,0000,0000,0000,,and basically on how to\Napproach the exam questions.
Dialogue: 0,0:00:22.37,0:00:25.13,Default,,0000,0000,0000,,This is in line with the\NISACA's thought process
Dialogue: 0,0:00:25.13,0:00:27.21,Default,,0000,0000,0000,,or how you need to\Napproach a question,
Dialogue: 0,0:00:27.21,0:00:29.27,Default,,0000,0000,0000,,how you need to answer\Na question while you
Dialogue: 0,0:00:29.27,0:00:30.96,Default,,0000,0000,0000,,are taking the real exam.
Dialogue: 0,0:00:30.96,0:00:34.40,Default,,0000,0000,0000,,So we will be having the\Nquestions taken from the CRM,
Dialogue: 0,0:00:34.40,0:00:36.26,Default,,0000,0000,0000,,as an extract, and\Nwe will be discussing
Dialogue: 0,0:00:36.26,0:00:39.68,Default,,0000,0000,0000,,in detail what is the\Nmode of a thought process
Dialogue: 0,0:00:39.68,0:00:43.22,Default,,0000,0000,0000,,that you need to inculcate while\Nyou are preparing for the exam,
Dialogue: 0,0:00:43.22,0:00:45.23,Default,,0000,0000,0000,,as well as when you are in exam.
Dialogue: 0,0:00:45.23,0:00:48.65,Default,,0000,0000,0000,,So if I start off with,\Nwe will have this,
Dialogue: 0,0:00:48.65,0:00:52.16,Default,,0000,0000,0000,,the agenda would be the small\Nintroduction about myself
Dialogue: 0,0:00:52.16,0:00:54.74,Default,,0000,0000,0000,,and you, and I'll\Ntell a brief note
Dialogue: 0,0:00:54.74,0:00:57.75,Default,,0000,0000,0000,,on how you need to approach\Nthe CISA questions.
Dialogue: 0,0:00:57.75,0:01:00.83,Default,,0000,0000,0000,,And we will be discussing\Ndomain 1 to 5 questions
Dialogue: 0,0:01:00.83,0:01:03.86,Default,,0000,0000,0000,,and how we need to think\Nlike an IS auditor.
Dialogue: 0,0:01:03.86,0:01:08.36,Default,,0000,0000,0000,,That will be going in line with\Nthe 1 to 5 domain questions
Dialogue: 0,0:01:08.36,0:01:09.32,Default,,0000,0000,0000,,that we are discussing.
Dialogue: 0,0:01:09.32,0:01:10.97,Default,,0000,0000,0000,,That will be in parallel.
Dialogue: 0,0:01:10.97,0:01:14.57,Default,,0000,0000,0000,,And a final Q&A\Nwill be for you all
Dialogue: 0,0:01:14.57,0:01:18.14,Default,,0000,0000,0000,,to openly ask some\Nquestions regarding CISA.
Dialogue: 0,0:01:18.14,0:01:19.56,Default,,0000,0000,0000,,That is the end of the session.
Dialogue: 0,0:01:19.56,0:01:22.64,Default,,0000,0000,0000,,So the introduction about\Nmyself is that my name
Dialogue: 0,0:01:22.64,0:01:23.67,Default,,0000,0000,0000,,is Krishnan Ramani.
Dialogue: 0,0:01:23.67,0:01:26.13,Default,,0000,0000,0000,,I think some of you would\Nhave seen me in LinkedIn.
Dialogue: 0,0:01:26.13,0:01:29.12,Default,,0000,0000,0000,,So I'm an information security\Nand an IT audit expert,
Dialogue: 0,0:01:29.12,0:01:30.89,Default,,0000,0000,0000,,with a total of 13\Nyears experience
Dialogue: 0,0:01:30.89,0:01:33.68,Default,,0000,0000,0000,,into IT auditing,\Ninformation security domain,
Dialogue: 0,0:01:33.68,0:01:36.74,Default,,0000,0000,0000,,out of which eight years\Nis solely dedicated.
Dialogue: 0,0:01:36.74,0:01:38.75,Default,,0000,0000,0000,,I have a wide\Nvariety of experience
Dialogue: 0,0:01:38.75,0:01:44.51,Default,,0000,0000,0000,,in IT audits, IT security, GRC,\NITGC, and IT security strategy.
Dialogue: 0,0:01:44.51,0:01:49.40,Default,,0000,0000,0000,,So my certifications\Nare CISSP, CISA,
Dialogue: 0,0:01:49.40,0:01:53.84,Default,,0000,0000,0000,,for which I was a chapter\Nrank holder, a first rank
Dialogue: 0,0:01:53.84,0:01:57.30,Default,,0000,0000,0000,,holder, and CEH, which\Nis the Certified Ethical
Dialogue: 0,0:01:57.30,0:01:59.94,Default,,0000,0000,0000,,Hacking, version 10, and\NI'm a Lean Six Sigma Black
Dialogue: 0,0:01:59.94,0:02:02.91,Default,,0000,0000,0000,,Belt certified, and I have\Ndone business analytics.
Dialogue: 0,0:02:02.91,0:02:07.38,Default,,0000,0000,0000,,And I am also into a certified\Ncybercrime intervening officer.
Dialogue: 0,0:02:07.38,0:02:11.34,Default,,0000,0000,0000,,So let us start with\Nthis thought process, why
Dialogue: 0,0:02:11.34,0:02:13.03,Default,,0000,0000,0000,,we are coming for CISA.
Dialogue: 0,0:02:13.03,0:02:15.04,Default,,0000,0000,0000,,Let me pause here for a moment.
Dialogue: 0,0:02:15.04,0:02:18.42,Default,,0000,0000,0000,,So what is the objective?
Dialogue: 0,0:02:18.42,0:02:21.43,Default,,0000,0000,0000,,So there is a\Npractical relevance.
Dialogue: 0,0:02:21.43,0:02:24.37,Default,,0000,0000,0000,,So every detail given\Nin the CRM book,
Dialogue: 0,0:02:24.37,0:02:26.22,Default,,0000,0000,0000,,which is the CISA\Nreview manual, there
Dialogue: 0,0:02:26.22,0:02:28.81,Default,,0000,0000,0000,,is a practical\Nrelevance for you to do.
Dialogue: 0,0:02:28.81,0:02:33.46,Default,,0000,0000,0000,,And while you are working as\Nan auditor or an IT auditor,
Dialogue: 0,0:02:33.46,0:02:36.42,Default,,0000,0000,0000,,even when you are working\Nas an ITGC person, which
Dialogue: 0,0:02:36.42,0:02:40.53,Default,,0000,0000,0000,,is the general controls,\Nand any line of defense,
Dialogue: 0,0:02:40.53,0:02:44.83,Default,,0000,0000,0000,,from CRM or PRC technology,\Nrisk management and everything.
Dialogue: 0,0:02:44.83,0:02:46.71,Default,,0000,0000,0000,,So probably what\Nhappens is there
Dialogue: 0,0:02:46.71,0:02:49.89,Default,,0000,0000,0000,,is a pure practical relevance\Nin terms of understanding
Dialogue: 0,0:02:49.89,0:02:53.05,Default,,0000,0000,0000,,these controls, what\NIT audit is all about,
Dialogue: 0,0:02:53.05,0:02:54.81,Default,,0000,0000,0000,,how do we preserve\Nthings, how do we
Dialogue: 0,0:02:54.81,0:02:57.12,Default,,0000,0000,0000,,maintain staffs, what\Nare all the things.
Dialogue: 0,0:02:57.12,0:02:59.94,Default,,0000,0000,0000,,Because as an IS auditor, you\Nwill be reading this book.
Dialogue: 0,0:02:59.94,0:03:03.58,Default,,0000,0000,0000,,But once when it comes to the\Nimplementation part as well,
Dialogue: 0,0:03:03.58,0:03:05.96,Default,,0000,0000,0000,,there are a lot of clues that\Nhas been given in the book,
Dialogue: 0,0:03:05.96,0:03:07.85,Default,,0000,0000,0000,,in terms of how do\Nyou preserve stuff
Dialogue: 0,0:03:07.85,0:03:11.01,Default,,0000,0000,0000,,so that it will be good for\Nan audit and everything.
Dialogue: 0,0:03:11.01,0:03:15.17,Default,,0000,0000,0000,,So in that mode, it is very\Nrelevant to the present day
Dialogue: 0,0:03:15.17,0:03:15.90,Default,,0000,0000,0000,,world.
Dialogue: 0,0:03:15.90,0:03:18.26,Default,,0000,0000,0000,,And as we see, the\Ntechnology is also
Dialogue: 0,0:03:18.26,0:03:20.16,Default,,0000,0000,0000,,emerging at this point in time.
Dialogue: 0,0:03:20.16,0:03:22.47,Default,,0000,0000,0000,,So today, there is\Nsomething called cloud.
Dialogue: 0,0:03:22.47,0:03:24.00,Default,,0000,0000,0000,,Tomorrow there\Nwill be something--
Dialogue: 0,0:03:24.00,0:03:25.49,Default,,0000,0000,0000,,a new technology\Nwill be arriving,
Dialogue: 0,0:03:25.49,0:03:27.60,Default,,0000,0000,0000,,and everything will\Nbe changing overnight.
Dialogue: 0,0:03:27.60,0:03:31.19,Default,,0000,0000,0000,,But what we need to do is the\Nfundamentals remain the same.
Dialogue: 0,0:03:31.19,0:03:33.36,Default,,0000,0000,0000,,So what are all the things\Nthat we are going to see?
Dialogue: 0,0:03:33.36,0:03:34.85,Default,,0000,0000,0000,,What are all the\Nthings that we are
Dialogue: 0,0:03:34.85,0:03:37.22,Default,,0000,0000,0000,,going to look whenever\Nwe are auditing
Dialogue: 0,0:03:37.22,0:03:41.03,Default,,0000,0000,0000,,or whenever we are performing\Nthe role of information security
Dialogue: 0,0:03:41.03,0:03:42.54,Default,,0000,0000,0000,,analyst or any other thing?
Dialogue: 0,0:03:42.54,0:03:47.27,Default,,0000,0000,0000,,But this book is purely based,\Npurely focused on the IS auditor
Dialogue: 0,0:03:47.27,0:03:48.54,Default,,0000,0000,0000,,side of things.
Dialogue: 0,0:03:48.54,0:03:52.67,Default,,0000,0000,0000,,So the prism of optics is\Npurely from the IS auditor
Dialogue: 0,0:03:52.67,0:03:53.40,Default,,0000,0000,0000,,point of view.
Dialogue: 0,0:03:53.40,0:03:55.78,Default,,0000,0000,0000,,Because the moment\Nyou start thinking
Dialogue: 0,0:03:55.78,0:04:00.18,Default,,0000,0000,0000,,as IS security analyst\Nfor this exam, that
Dialogue: 0,0:04:00.18,0:04:02.92,Default,,0000,0000,0000,,will not be the correct\Nthing that we will be doing.
Dialogue: 0,0:04:02.92,0:04:07.41,Default,,0000,0000,0000,,So what we need to approach,\Nhow we need to approach
Dialogue: 0,0:04:07.41,0:04:09.87,Default,,0000,0000,0000,,and what we need to\Ndo is exactly what
Dialogue: 0,0:04:09.87,0:04:11.20,Default,,0000,0000,0000,,I am going to tell here.
Dialogue: 0,0:04:11.20,0:04:13.98,Default,,0000,0000,0000,,So the questions will\Nbe-- each question
Dialogue: 0,0:04:13.98,0:04:17.01,Default,,0000,0000,0000,,has a stem question, which\Nwill be a basic question, which
Dialogue: 0,0:04:17.01,0:04:19.08,Default,,0000,0000,0000,,will be having four options.
Dialogue: 0,0:04:19.08,0:04:21.99,Default,,0000,0000,0000,,Choose the correct\Nor the best option.
Dialogue: 0,0:04:21.99,0:04:25.14,Default,,0000,0000,0000,,So as I was telling,\Nso the scenarios
Dialogue: 0,0:04:25.14,0:04:28.98,Default,,0000,0000,0000,,will be completely related\Nto the IS audit scenarios.
Dialogue: 0,0:04:28.98,0:04:30.85,Default,,0000,0000,0000,,You will be presented\Na situation.
Dialogue: 0,0:04:30.85,0:04:32.82,Default,,0000,0000,0000,,You will need to think\Nlike an IS auditor
Dialogue: 0,0:04:32.82,0:04:35.23,Default,,0000,0000,0000,,and answer like an IS auditor.
Dialogue: 0,0:04:35.23,0:04:37.47,Default,,0000,0000,0000,,So there are some\Nhelpful instances
Dialogue: 0,0:04:37.47,0:04:40.69,Default,,0000,0000,0000,,where you know how you\Nwill be approaching.
Dialogue: 0,0:04:40.69,0:04:42.100,Default,,0000,0000,0000,,So every questions will be--
Dialogue: 0,0:04:42.100,0:04:44.79,Default,,0000,0000,0000,,most of the questions,\Nnot every questions,
Dialogue: 0,0:04:44.79,0:04:49.06,Default,,0000,0000,0000,,will be having something\Ncalled the best, most,
Dialogue: 0,0:04:49.06,0:04:51.58,Default,,0000,0000,0000,,and these kind of wordings\Nwill be definitely there.
Dialogue: 0,0:04:51.58,0:04:55.54,Default,,0000,0000,0000,,So you need to understand what\Nthey are asking in the question.
Dialogue: 0,0:04:55.54,0:05:00.25,Default,,0000,0000,0000,,Because the moment they say,\Nchoose for the best option,
Dialogue: 0,0:05:00.25,0:05:02.11,Default,,0000,0000,0000,,choose for the most\Nrelevant option,
Dialogue: 0,0:05:02.11,0:05:04.96,Default,,0000,0000,0000,,choose for the primary option,\Nchoose for the first option,
Dialogue: 0,0:05:04.96,0:05:08.91,Default,,0000,0000,0000,,so it means that two or more\Noptions that is being given
Dialogue: 0,0:05:08.91,0:05:11.77,Default,,0000,0000,0000,,are right in the\Ncontext of the question,
Dialogue: 0,0:05:11.77,0:05:14.23,Default,,0000,0000,0000,,but only one thing\Ncan be the best.
Dialogue: 0,0:05:14.23,0:05:16.33,Default,,0000,0000,0000,,Only one thing can\Nbe the primary.
Dialogue: 0,0:05:16.33,0:05:18.07,Default,,0000,0000,0000,,Only one thing can be the first.
Dialogue: 0,0:05:18.07,0:05:20.77,Default,,0000,0000,0000,,So you need to choose\Nthe answers accordingly.
Dialogue: 0,0:05:20.77,0:05:25.05,Default,,0000,0000,0000,,So say for an example, if there\Nis a given scenario of a BCP
Dialogue: 0,0:05:25.05,0:05:27.39,Default,,0000,0000,0000,,process, how it comes\Nto the business impact
Dialogue: 0,0:05:27.39,0:05:30.97,Default,,0000,0000,0000,,analysis and everything, so\Nonce you start the question,
Dialogue: 0,0:05:30.97,0:05:33.18,Default,,0000,0000,0000,,you will need to know what\Nare all the steps involved
Dialogue: 0,0:05:33.18,0:05:34.66,Default,,0000,0000,0000,,in the BCP process.
Dialogue: 0,0:05:34.66,0:05:37.57,Default,,0000,0000,0000,,How do you conduct the\Nbusiness impact analysis?
Dialogue: 0,0:05:37.57,0:05:39.15,Default,,0000,0000,0000,,How do you identify\Nthe business?
Dialogue: 0,0:05:39.15,0:05:41.91,Default,,0000,0000,0000,,These step-by-step\Nprocess is definitely
Dialogue: 0,0:05:41.91,0:05:44.07,Default,,0000,0000,0000,,essential in order\Nfor you to understand
Dialogue: 0,0:05:44.07,0:05:47.70,Default,,0000,0000,0000,,what is the first most\Noption that the IS auditor
Dialogue: 0,0:05:47.70,0:05:48.70,Default,,0000,0000,0000,,will be choosing.
Dialogue: 0,0:05:48.70,0:05:51.46,Default,,0000,0000,0000,,But it will not be as\Nstraightforward as,
Dialogue: 0,0:05:51.46,0:05:53.56,Default,,0000,0000,0000,,what is the first\Noption in the BCP?
Dialogue: 0,0:05:53.56,0:05:56.68,Default,,0000,0000,0000,,There will be a presentation\Nin terms of a scenario given.
Dialogue: 0,0:05:56.68,0:05:59.40,Default,,0000,0000,0000,,So you need to\Nunderstand the scenario,
Dialogue: 0,0:05:59.40,0:06:02.16,Default,,0000,0000,0000,,and you need to\Nanswer accordingly.
Dialogue: 0,0:06:02.16,0:06:05.43,Default,,0000,0000,0000,,So read all the options\Nand read the stem again,
Dialogue: 0,0:06:05.43,0:06:07.27,Default,,0000,0000,0000,,if you can eliminate\Ntwo options.
Dialogue: 0,0:06:07.27,0:06:09.07,Default,,0000,0000,0000,,So that is very important.
Dialogue: 0,0:06:09.07,0:06:10.69,Default,,0000,0000,0000,,Read all the options.
Dialogue: 0,0:06:10.69,0:06:13.99,Default,,0000,0000,0000,,And so if you can eliminate two\Noptions, that will be great.
Dialogue: 0,0:06:13.99,0:06:16.50,Default,,0000,0000,0000,,So in the context\Nof the question
Dialogue: 0,0:06:16.50,0:06:19.14,Default,,0000,0000,0000,,and answers in multiple\Nchoice questions,
Dialogue: 0,0:06:19.14,0:06:21.97,Default,,0000,0000,0000,,there is always a method\Ncalled elimination method.
Dialogue: 0,0:06:21.97,0:06:25.26,Default,,0000,0000,0000,,So in terms of how do\Nyou answer a question,
Dialogue: 0,0:06:25.26,0:06:29.59,Default,,0000,0000,0000,,elimination method is really\Na good method to start with.
Dialogue: 0,0:06:29.59,0:06:32.22,Default,,0000,0000,0000,,Because once you\Nstart eliminating
Dialogue: 0,0:06:32.22,0:06:34.80,Default,,0000,0000,0000,,two incorrect\Nanswers, so you will
Dialogue: 0,0:06:34.80,0:06:37.41,Default,,0000,0000,0000,,have a 50% chance\Nof clearing the exam
Dialogue: 0,0:06:37.41,0:06:41.38,Default,,0000,0000,0000,,or clearing the particular\Nquestion correctly.
Dialogue: 0,0:06:41.38,0:06:45.72,Default,,0000,0000,0000,,Because what you have is a 100\Npercentage, and out of which,
Dialogue: 0,0:06:45.72,0:06:48.48,Default,,0000,0000,0000,,you know you have already\Neliminated two irrelevant
Dialogue: 0,0:06:48.48,0:06:49.58,Default,,0000,0000,0000,,relevant answers.
Dialogue: 0,0:06:49.58,0:06:51.94,Default,,0000,0000,0000,,In most of the cases,\Ntwo irrelevant answers
Dialogue: 0,0:06:51.94,0:06:53.95,Default,,0000,0000,0000,,will be definitely visible.
Dialogue: 0,0:06:53.95,0:06:55.63,Default,,0000,0000,0000,,Once you have read\Nthe CRM and you
Dialogue: 0,0:06:55.63,0:06:57.95,Default,,0000,0000,0000,,have answered sufficient\Nnumber of questions,
Dialogue: 0,0:06:57.95,0:06:59.95,Default,,0000,0000,0000,,you will be able\Nto identify what
Dialogue: 0,0:06:59.95,0:07:02.38,Default,,0000,0000,0000,,are the two irrelevant\Nanswers, and you
Dialogue: 0,0:07:02.38,0:07:06.22,Default,,0000,0000,0000,,will be able to straight away\Neliminate it and focus your time
Dialogue: 0,0:07:06.22,0:07:07.69,Default,,0000,0000,0000,,and efforts only\Non the two, which
Dialogue: 0,0:07:07.69,0:07:11.29,Default,,0000,0000,0000,,has been most relevant for\Nthat particular context.
Dialogue: 0,0:07:11.29,0:07:15.55,Default,,0000,0000,0000,,So reread the remaining\Noptions and bring
Dialogue: 0,0:07:15.55,0:07:18.20,Default,,0000,0000,0000,,in any personal experience\Nthat you may have to determine.
Dialogue: 0,0:07:18.20,0:07:21.19,Default,,0000,0000,0000,,So the bringing the\Npersonal experience,
Dialogue: 0,0:07:21.19,0:07:23.08,Default,,0000,0000,0000,,I would say it is with a caveat.
Dialogue: 0,0:07:23.08,0:07:26.84,Default,,0000,0000,0000,,Because in terms of bringing\Nyour personal experience,
Dialogue: 0,0:07:26.84,0:07:30.61,Default,,0000,0000,0000,,sometimes what happens is you\Nneed to think like an IS auditor
Dialogue: 0,0:07:30.61,0:07:32.36,Default,,0000,0000,0000,,from ISACA's point of view.
Dialogue: 0,0:07:32.36,0:07:34.97,Default,,0000,0000,0000,,So the moment you start thinking\Nfrom your company's point
Dialogue: 0,0:07:34.97,0:07:36.43,Default,,0000,0000,0000,,of view, probably\Nsome of you would
Dialogue: 0,0:07:36.43,0:07:38.89,Default,,0000,0000,0000,,have had a seasoned\Nexperience in terms
Dialogue: 0,0:07:38.89,0:07:41.38,Default,,0000,0000,0000,,of doing the IS audit\Nand the IT auditing
Dialogue: 0,0:07:41.38,0:07:43.43,Default,,0000,0000,0000,,or whatever the\Nsecurity or whatever.
Dialogue: 0,0:07:43.43,0:07:45.82,Default,,0000,0000,0000,,But the moment you start\Nthinking from your company's
Dialogue: 0,0:07:45.82,0:07:49.23,Default,,0000,0000,0000,,perspective, things might go\Na little bit wrong because
Dialogue: 0,0:07:49.23,0:07:53.14,Default,,0000,0000,0000,,of the fact that the companies\Nor the organizations,
Dialogue: 0,0:07:53.14,0:07:55.59,Default,,0000,0000,0000,,they actually\Ntailor the controls
Dialogue: 0,0:07:55.59,0:07:58.29,Default,,0000,0000,0000,,according to their\Nrequirement, and they customize
Dialogue: 0,0:07:58.29,0:08:02.17,Default,,0000,0000,0000,,it, which in case is not\Nin ISACA's point of view
Dialogue: 0,0:08:02.17,0:08:06.54,Default,,0000,0000,0000,,because ISACA's point of view\Nis, I would call it as more
Dialogue: 0,0:08:06.54,0:08:10.80,Default,,0000,0000,0000,,raw because it is a theoretical\Nand practical knowledge of how
Dialogue: 0,0:08:10.80,0:08:15.33,Default,,0000,0000,0000,,you need to apply, but it is not\Nin any specific contextual-based
Dialogue: 0,0:08:15.33,0:08:17.02,Default,,0000,0000,0000,,or organization-based controls.
Dialogue: 0,0:08:17.02,0:08:20.40,Default,,0000,0000,0000,,Because banking will be having\Na different set of approach
Dialogue: 0,0:08:20.40,0:08:23.88,Default,,0000,0000,0000,,towards the same control,\Nand another industry
Dialogue: 0,0:08:23.88,0:08:25.71,Default,,0000,0000,0000,,will be having--\Nhealthcare for that matter,
Dialogue: 0,0:08:25.71,0:08:28.63,Default,,0000,0000,0000,,will be having a different\Napproach to the same control.
Dialogue: 0,0:08:28.63,0:08:30.79,Default,,0000,0000,0000,,So think like an IS auditor.
Dialogue: 0,0:08:30.79,0:08:33.21,Default,,0000,0000,0000,,Of course, a little bit of\Nn percentage of your work
Dialogue: 0,0:08:33.21,0:08:34.23,Default,,0000,0000,0000,,experience also.
Dialogue: 0,0:08:34.23,0:08:37.72,Default,,0000,0000,0000,,That is a logical mind,\Nthat will also help,
Dialogue: 0,0:08:37.72,0:08:42.87,Default,,0000,0000,0000,,but in my best opinion, I\Nwould suggest that let's not
Dialogue: 0,0:08:42.87,0:08:48.07,Default,,0000,0000,0000,,think that over the board and\Nthink like 100% as an IT auditor
Dialogue: 0,0:08:48.07,0:08:50.07,Default,,0000,0000,0000,,because we'll be having\Na specific industry
Dialogue: 0,0:08:50.07,0:08:52.14,Default,,0000,0000,0000,,experience wherein the\Ncontrols might be having
Dialogue: 0,0:08:52.14,0:08:55.23,Default,,0000,0000,0000,,a different approach,\Nand sometimes the answers
Dialogue: 0,0:08:55.23,0:08:57.27,Default,,0000,0000,0000,,can go incorrect.
Dialogue: 0,0:08:57.27,0:09:00.04,Default,,0000,0000,0000,,So the next thing is\Nthat domain 1 question.
Dialogue: 0,0:09:00.04,0:09:02.73,Default,,0000,0000,0000,,So first question is, so\Nwhich of the following
Dialogue: 0,0:09:02.73,0:09:05.49,Default,,0000,0000,0000,,outlines the overall authority\Nto perform an IS audit?
Dialogue: 0,0:09:05.49,0:09:08.28,Default,,0000,0000,0000,,The audit scope or the goals\Nand objectives, a request
Dialogue: 0,0:09:08.28,0:09:12.24,Default,,0000,0000,0000,,form in the form of management\Nto perform an audit, C, an audit
Dialogue: 0,0:09:12.24,0:09:14.20,Default,,0000,0000,0000,,charter, D, an approved\Naudit schedule.
Dialogue: 0,0:09:14.20,0:09:16.95,Default,,0000,0000,0000,,I think this is very\Neasy question, I think.
Dialogue: 0,0:09:16.95,0:09:19.15,Default,,0000,0000,0000,,What defines the\Noverall authority?
Dialogue: 0,0:09:19.15,0:09:21.57,Default,,0000,0000,0000,,I think the chapter\N1, the domain 1
Dialogue: 0,0:09:21.57,0:09:23.40,Default,,0000,0000,0000,,gives you a very\Ndecent information
Dialogue: 0,0:09:23.40,0:09:25.77,Default,,0000,0000,0000,,on the overall authority.
Dialogue: 0,0:09:25.77,0:09:28.72,Default,,0000,0000,0000,,Because once you see\Nthe question authority,
Dialogue: 0,0:09:28.72,0:09:33.46,Default,,0000,0000,0000,,the answer is always\Nthe approved charter
Dialogue: 0,0:09:33.46,0:09:35.83,Default,,0000,0000,0000,,because let's look\Nat the reasoning.
Dialogue: 0,0:09:35.83,0:09:38.14,Default,,0000,0000,0000,,The audit scope is\Nspecific to a single audit,
Dialogue: 0,0:09:38.14,0:09:41.07,Default,,0000,0000,0000,,and it does not grant\Nauthority to perform an audit.
Dialogue: 0,0:09:41.07,0:09:44.47,Default,,0000,0000,0000,,B, the request from\Nmanagement to perform an audit
Dialogue: 0,0:09:44.47,0:09:47.36,Default,,0000,0000,0000,,is not sufficient because it\Nrelates to specific audit.
Dialogue: 0,0:09:47.36,0:09:49.36,Default,,0000,0000,0000,,The approved audit\Ncharter outlines
Dialogue: 0,0:09:49.36,0:09:52.70,Default,,0000,0000,0000,,the auditor's responsibility,\Nauthority and accountability.
Dialogue: 0,0:09:52.70,0:09:55.54,Default,,0000,0000,0000,,So as I told, this\Nis the only document
Dialogue: 0,0:09:55.54,0:09:59.11,Default,,0000,0000,0000,,which gives you an end-to-end\Nperspective on what
Dialogue: 0,0:09:59.11,0:10:01.69,Default,,0000,0000,0000,,it is for an auditor, why\Nthe auditor is there, what
Dialogue: 0,0:10:01.69,0:10:03.89,Default,,0000,0000,0000,,is the authority that\Nthe auditor is having,
Dialogue: 0,0:10:03.89,0:10:06.11,Default,,0000,0000,0000,,what are all the things\Nthat the auditor can do.
Dialogue: 0,0:10:06.11,0:10:10.37,Default,,0000,0000,0000,,So everything is given or\Nentitled in one document.
Dialogue: 0,0:10:10.37,0:10:12.37,Default,,0000,0000,0000,,That is the reason\Nwe need to have
Dialogue: 0,0:10:12.37,0:10:15.64,Default,,0000,0000,0000,,selected option C. The approved\Naudit schedule does not
Dialogue: 0,0:10:15.64,0:10:17.38,Default,,0000,0000,0000,,grant the authority.
Dialogue: 0,0:10:17.38,0:10:21.19,Default,,0000,0000,0000,,The whole point is why this\Nwas a very easy question.
Dialogue: 0,0:10:21.19,0:10:24.43,Default,,0000,0000,0000,,But again, so the\Npoint of this question
Dialogue: 0,0:10:24.43,0:10:27.25,Default,,0000,0000,0000,,is to give you a\Nperspective on what you
Dialogue: 0,0:10:27.25,0:10:28.61,Default,,0000,0000,0000,,need to look into a question.
Dialogue: 0,0:10:28.61,0:10:31.22,Default,,0000,0000,0000,,So when you start\Nlooking into a question,
Dialogue: 0,0:10:31.22,0:10:33.77,Default,,0000,0000,0000,,so let me tell you\Nwhat is very important.
Dialogue: 0,0:10:33.77,0:10:39.58,Default,,0000,0000,0000,,If you see over here, so the\Noverall authority over here,
Dialogue: 0,0:10:39.58,0:10:43.36,Default,,0000,0000,0000,,that is the key word\Nbecause every question,
Dialogue: 0,0:10:43.36,0:10:47.56,Default,,0000,0000,0000,,and even in the exam, will\Nbe having some key word that
Dialogue: 0,0:10:47.56,0:10:49.13,Default,,0000,0000,0000,,defines the answer correctly.
Dialogue: 0,0:10:49.13,0:10:50.59,Default,,0000,0000,0000,,Because as I told.
Dialogue: 0,0:10:50.59,0:10:52.34,Default,,0000,0000,0000,,You need to\Neliminate two things.
Dialogue: 0,0:10:52.34,0:10:54.40,Default,,0000,0000,0000,,So in this, I will\Nbe eliminating
Dialogue: 0,0:10:54.40,0:10:55.96,Default,,0000,0000,0000,,a request form,\Nwhich is definitely
Dialogue: 0,0:10:55.96,0:10:58.85,Default,,0000,0000,0000,,not an overall authority, and\Nan approved audit schedule.
Dialogue: 0,0:10:58.85,0:11:01.69,Default,,0000,0000,0000,,Audit schedule is\Nonly in terms of what
Dialogue: 0,0:11:01.69,0:11:03.67,Default,,0000,0000,0000,,is the timeline that they\Nare going to work on,
Dialogue: 0,0:11:03.67,0:11:06.34,Default,,0000,0000,0000,,then they are going to carry on\Nthe planning work, when they are
Dialogue: 0,0:11:06.34,0:11:08.63,Default,,0000,0000,0000,,going to carry on the field\Nwork, when the reporting is
Dialogue: 0,0:11:08.63,0:11:11.92,Default,,0000,0000,0000,,going to be done, what is the\Ntimeline for remediation and all
Dialogue: 0,0:11:11.92,0:11:12.56,Default,,0000,0000,0000,,those stuff.
Dialogue: 0,0:11:12.56,0:11:14.92,Default,,0000,0000,0000,,But in terms of a\Nrequest form, that
Dialogue: 0,0:11:14.92,0:11:19.21,Default,,0000,0000,0000,,is in terms of just defining\Nwhat the management is going
Dialogue: 0,0:11:19.21,0:11:22.81,Default,,0000,0000,0000,,to look out for and\Na permission letter
Dialogue: 0,0:11:22.81,0:11:24.08,Default,,0000,0000,0000,,or something of that sort.
Dialogue: 0,0:11:24.08,0:11:27.16,Default,,0000,0000,0000,,But the two options,\Nagain, as I told,
Dialogue: 0,0:11:27.16,0:11:30.16,Default,,0000,0000,0000,,the closest that\Nrelates to this question
Dialogue: 0,0:11:30.16,0:11:32.45,Default,,0000,0000,0000,,will be the option\NA and option C.
Dialogue: 0,0:11:32.45,0:11:37.36,Default,,0000,0000,0000,,Because once I say that option\NA-- but again, as I told,
Dialogue: 0,0:11:37.36,0:11:40.51,Default,,0000,0000,0000,,the overall authority is\Nthe word that defines,
Dialogue: 0,0:11:40.51,0:11:44.29,Default,,0000,0000,0000,,in terms of what is going to\Nbe the primary thing that you
Dialogue: 0,0:11:44.29,0:11:47.17,Default,,0000,0000,0000,,are going to look\Nout for over here.
Dialogue: 0,0:11:47.17,0:11:51.17,Default,,0000,0000,0000,,So the next question, so in\Nperforming a risk-based audit,
Dialogue: 0,0:11:51.17,0:11:54.01,Default,,0000,0000,0000,,which risk assessment\Nis completed first
Dialogue: 0,0:11:54.01,0:11:55.25,Default,,0000,0000,0000,,by an IS auditor?
Dialogue: 0,0:11:55.25,0:11:58.30,Default,,0000,0000,0000,,So detection risk assessment,\Ncontrol risk assessment,
Dialogue: 0,0:11:58.30,0:12:01.87,Default,,0000,0000,0000,,inherent risk assessment,\Nand fraud risk assessment.
Dialogue: 0,0:12:01.87,0:12:04.90,Default,,0000,0000,0000,,So again, the question\Nis very clear in terms
Dialogue: 0,0:12:04.90,0:12:08.29,Default,,0000,0000,0000,,of what an IS auditor,\Nwhich risk assessment
Dialogue: 0,0:12:08.29,0:12:09.91,Default,,0000,0000,0000,,comes in the first?
Dialogue: 0,0:12:09.91,0:12:12.26,Default,,0000,0000,0000,,Let's look at the\Ncorrect answer now.
Dialogue: 0,0:12:12.26,0:12:14.62,Default,,0000,0000,0000,,So the correct\Nanswer is actually
Dialogue: 0,0:12:14.62,0:12:16.19,Default,,0000,0000,0000,,inherent risk assessment.
Dialogue: 0,0:12:16.19,0:12:19.57,Default,,0000,0000,0000,,So why inherent risk\Nassessment is important?
Dialogue: 0,0:12:19.57,0:12:21.80,Default,,0000,0000,0000,,So let us look at the\Nreasons over here.
Dialogue: 0,0:12:21.80,0:12:25.30,Default,,0000,0000,0000,,So detection of risk\Nassessment is performed only
Dialogue: 0,0:12:25.30,0:12:26.42,Default,,0000,0000,0000,,after the inherent risk.
Dialogue: 0,0:12:26.42,0:12:30.80,Default,,0000,0000,0000,,So as again I told, the stepwise\Nanswer is very important.
Dialogue: 0,0:12:30.80,0:12:31.88,Default,,0000,0000,0000,,What is the first?
Dialogue: 0,0:12:31.88,0:12:32.96,Default,,0000,0000,0000,,What is the first?
Dialogue: 0,0:12:32.96,0:12:35.08,Default,,0000,0000,0000,,So you need to\Nknow which is going
Dialogue: 0,0:12:35.08,0:12:37.15,Default,,0000,0000,0000,,to come in the first\Norder, which is going
Dialogue: 0,0:12:37.15,0:12:39.59,Default,,0000,0000,0000,,to come in the second order?
Dialogue: 0,0:12:39.59,0:12:41.62,Default,,0000,0000,0000,,So the detection\Nrisk assessment is
Dialogue: 0,0:12:41.62,0:12:43.54,Default,,0000,0000,0000,,performed only after\Nthe inherent risk
Dialogue: 0,0:12:43.54,0:12:45.83,Default,,0000,0000,0000,,and the controlled risk\Nassessment have been performed.
Dialogue: 0,0:12:45.83,0:12:48.47,Default,,0000,0000,0000,,So definitely this\Nanswer can be eliminated.
Dialogue: 0,0:12:48.47,0:12:51.01,Default,,0000,0000,0000,,And control risk\Nassessment is performed
Dialogue: 0,0:12:51.01,0:12:53.69,Default,,0000,0000,0000,,after the inherent risk\Nassessment has been completed.
Dialogue: 0,0:12:53.69,0:12:56.41,Default,,0000,0000,0000,,And it is to determine\Nthe level of risk
Dialogue: 0,0:12:56.41,0:12:58.64,Default,,0000,0000,0000,,that remains after the\Ncontrols have been applied.
Dialogue: 0,0:12:58.64,0:13:01.39,Default,,0000,0000,0000,,So say for an example, this\Ncontrol risk assessment
Dialogue: 0,0:13:01.39,0:13:01.91,Default,,0000,0000,0000,,is right.
Dialogue: 0,0:13:01.91,0:13:05.18,Default,,0000,0000,0000,,So it is going to give\Nyou what is left over.
Dialogue: 0,0:13:05.18,0:13:07.69,Default,,0000,0000,0000,,So even after applying\Nall the controls,
Dialogue: 0,0:13:07.69,0:13:10.64,Default,,0000,0000,0000,,what is the risk that\Nis going to remain?
Dialogue: 0,0:13:10.64,0:13:13.42,Default,,0000,0000,0000,,And that option D, the\Nfraud risk assessment,
Dialogue: 0,0:13:13.42,0:13:15.68,Default,,0000,0000,0000,,are a subset of control\Nrisk assessment.
Dialogue: 0,0:13:15.68,0:13:18.16,Default,,0000,0000,0000,,It is important,\Nbut again, it is not
Dialogue: 0,0:13:18.16,0:13:21.50,Default,,0000,0000,0000,,as important or the first\Ntask of the inherent risk.
Dialogue: 0,0:13:21.50,0:13:24.86,Default,,0000,0000,0000,,Because whenever you take\Nany process, for that matter,
Dialogue: 0,0:13:24.86,0:13:27.46,Default,,0000,0000,0000,,there will be a form\Nof inherent risk, which
Dialogue: 0,0:13:27.46,0:13:29.71,Default,,0000,0000,0000,,has to be taken into\Nconsideration before doing
Dialogue: 0,0:13:29.71,0:13:30.35,Default,,0000,0000,0000,,anything.
Dialogue: 0,0:13:30.35,0:13:33.88,Default,,0000,0000,0000,,Because inherent risk exists\Nindependently of an audit
Dialogue: 0,0:13:33.88,0:13:36.41,Default,,0000,0000,0000,,and can occur because of\Nthe nature of the business.
Dialogue: 0,0:13:36.41,0:13:37.97,Default,,0000,0000,0000,,So to successfully\Nconduct an audit,
Dialogue: 0,0:13:37.97,0:13:41.23,Default,,0000,0000,0000,,it is important to be aware of\Nthe related business processes.
Dialogue: 0,0:13:41.23,0:13:43.72,Default,,0000,0000,0000,,To perform the\Naudit, an IS auditor
Dialogue: 0,0:13:43.72,0:13:45.55,Default,,0000,0000,0000,,needs to understand\Nthe business processes.
Dialogue: 0,0:13:45.55,0:13:47.50,Default,,0000,0000,0000,,By understanding the\Nbusiness process,
Dialogue: 0,0:13:47.50,0:13:51.05,Default,,0000,0000,0000,,an IS auditor better\Nunderstands the inherent risk.
Dialogue: 0,0:13:51.05,0:13:54.01,Default,,0000,0000,0000,,So inherent risk gives\Nyou an overall idea.
Dialogue: 0,0:13:54.01,0:13:56.50,Default,,0000,0000,0000,,for an example, if\Nthe IS auditor is
Dialogue: 0,0:13:56.50,0:13:58.84,Default,,0000,0000,0000,,performing an inherent risk--
Dialogue: 0,0:13:58.84,0:14:01.60,Default,,0000,0000,0000,,an audit in a\Nbanking sector, they
Dialogue: 0,0:14:01.60,0:14:04.03,Default,,0000,0000,0000,,will be having certain sets\Nof inherent risks according
Dialogue: 0,0:14:04.03,0:14:04.58,Default,,0000,0000,0000,,to them.
Dialogue: 0,0:14:04.58,0:14:07.46,Default,,0000,0000,0000,,And if they are doing some kind\Nof audits in the health sector,
Dialogue: 0,0:14:07.46,0:14:10.72,Default,,0000,0000,0000,,they will be again having\Nsome set of inherent risk
Dialogue: 0,0:14:10.72,0:14:12.02,Default,,0000,0000,0000,,in that particular sector.
Dialogue: 0,0:14:12.02,0:14:14.02,Default,,0000,0000,0000,,So that is the reason\Nwe need to know
Dialogue: 0,0:14:14.02,0:14:16.54,Default,,0000,0000,0000,,the inherent risk of\Nthat particular industry
Dialogue: 0,0:14:16.54,0:14:18.04,Default,,0000,0000,0000,,or the particular\Nbusiness process
Dialogue: 0,0:14:18.04,0:14:19.37,Default,,0000,0000,0000,,that they are performing.
Dialogue: 0,0:14:19.37,0:14:22.48,Default,,0000,0000,0000,,Then they come into the process\Nof fraud risk or the control
Dialogue: 0,0:14:22.48,0:14:26.02,Default,,0000,0000,0000,,risk, which is the second or\Nthird option that will be.
Dialogue: 0,0:14:26.02,0:14:29.26,Default,,0000,0000,0000,,So again, as I told, the\Nlogic behind the question
Dialogue: 0,0:14:29.26,0:14:32.50,Default,,0000,0000,0000,,is that to understand\Nwhich comes first.
Dialogue: 0,0:14:32.50,0:14:35.23,Default,,0000,0000,0000,,And so also one of\Nthe other key things
Dialogue: 0,0:14:35.23,0:14:38.65,Default,,0000,0000,0000,,that is very important when\Nyou are preparing for the exam,
Dialogue: 0,0:14:38.65,0:14:41.86,Default,,0000,0000,0000,,not only from the exam\Nstand point of view,
Dialogue: 0,0:14:41.86,0:14:44.56,Default,,0000,0000,0000,,I would suggest everybody to--
Dialogue: 0,0:14:44.56,0:14:48.71,Default,,0000,0000,0000,,so what happens is, once you\Nknow the answer is correct,
Dialogue: 0,0:14:48.71,0:14:51.22,Default,,0000,0000,0000,,check the reason why you\Nhave selected that answer
Dialogue: 0,0:14:51.22,0:14:52.52,Default,,0000,0000,0000,,and why it is correct.
Dialogue: 0,0:14:52.52,0:14:55.42,Default,,0000,0000,0000,,Because 90% of the\Ntime, you might
Dialogue: 0,0:14:55.42,0:14:57.89,Default,,0000,0000,0000,,have selected an answer\Nfor some other reason,
Dialogue: 0,0:14:57.89,0:14:59.71,Default,,0000,0000,0000,,but it happens to\Nbe coincidentally
Dialogue: 0,0:14:59.71,0:15:01.88,Default,,0000,0000,0000,,correct with the ISACA.
Dialogue: 0,0:15:01.88,0:15:04.96,Default,,0000,0000,0000,,But what I require\Neverybody to do
Dialogue: 0,0:15:04.96,0:15:07.76,Default,,0000,0000,0000,,is that you need to check the\Nthinking process of ISACA.
Dialogue: 0,0:15:07.76,0:15:11.21,Default,,0000,0000,0000,,That is very important in terms\Nof understanding the concepts.
Dialogue: 0,0:15:11.21,0:15:14.21,Default,,0000,0000,0000,,And also, even if you have\Nmade the answer correct,
Dialogue: 0,0:15:14.21,0:15:18.71,Default,,0000,0000,0000,,I would require you to check\Nevery options available, A,
Dialogue: 0,0:15:18.71,0:15:20.86,Default,,0000,0000,0000,,B, C, and D, why\Nit is not correct
Dialogue: 0,0:15:20.86,0:15:23.38,Default,,0000,0000,0000,,and why the answer that\Nyou have chosen is correct.
Dialogue: 0,0:15:23.38,0:15:26.83,Default,,0000,0000,0000,,Even in case if you have not\Nselected the correct answer,
Dialogue: 0,0:15:26.83,0:15:29.27,Default,,0000,0000,0000,,please still go and\Ncheck all these options,
Dialogue: 0,0:15:29.27,0:15:30.94,Default,,0000,0000,0000,,why the answer that\Nyou have selected
Dialogue: 0,0:15:30.94,0:15:34.37,Default,,0000,0000,0000,,is not the correct answer and\Nwhy the other answer remains
Dialogue: 0,0:15:34.37,0:15:36.05,Default,,0000,0000,0000,,the correct option.
Dialogue: 0,0:15:36.05,0:15:39.00,Default,,0000,0000,0000,,So this question is, again,\Nan interesting question.
Dialogue: 0,0:15:39.00,0:15:41.24,Default,,0000,0000,0000,,So as an IS auditor\Nis performing
Dialogue: 0,0:15:41.24,0:15:44.36,Default,,0000,0000,0000,,a review of an application's\Ncontrol fields,
Dialogue: 0,0:15:44.36,0:15:46.46,Default,,0000,0000,0000,,he finds a weakness\Nin the software system
Dialogue: 0,0:15:46.46,0:15:48.56,Default,,0000,0000,0000,,and could materially\Nimpact the application.
Dialogue: 0,0:15:48.56,0:15:51.06,Default,,0000,0000,0000,,In this situation, an\NIS auditor should--
Dialogue: 0,0:15:51.06,0:15:52.47,Default,,0000,0000,0000,,Again, this is not a question.
Dialogue: 0,0:15:52.47,0:15:54.44,Default,,0000,0000,0000,,This is just a statement.
Dialogue: 0,0:15:54.44,0:15:56.39,Default,,0000,0000,0000,,We need to complete\Nthe statement.
Dialogue: 0,0:15:56.39,0:15:58.48,Default,,0000,0000,0000,,Disregard these\Ncontrols weakness
Dialogue: 0,0:15:58.48,0:15:59.90,Default,,0000,0000,0000,,because the system\Nsoftware review
Dialogue: 0,0:15:59.90,0:16:01.56,Default,,0000,0000,0000,,is beyond the scope\Nof this review.
Dialogue: 0,0:16:01.56,0:16:04.58,Default,,0000,0000,0000,,Conduct a detailed\Nsystem software review
Dialogue: 0,0:16:04.58,0:16:06.42,Default,,0000,0000,0000,,and report the control weakness.
Dialogue: 0,0:16:06.42,0:16:09.11,Default,,0000,0000,0000,,Include in the report\Nstatement that the audit
Dialogue: 0,0:16:09.11,0:16:12.27,Default,,0000,0000,0000,,was limited to review the\Napplication's control weakness.
Dialogue: 0,0:16:12.27,0:16:14.88,Default,,0000,0000,0000,,Review the system software\Ncontrols as relevant,
Dialogue: 0,0:16:14.88,0:16:18.32,Default,,0000,0000,0000,,and recommend a detailed\Nsystem software review.
Dialogue: 0,0:16:18.32,0:16:22.52,Default,,0000,0000,0000,,I think everyone is going\Nwith the option of B
Dialogue: 0,0:16:22.52,0:16:25.07,Default,,0000,0000,0000,,But sorry to disappoint,\Nthe answer is actually
Dialogue: 0,0:16:25.07,0:16:29.51,Default,,0000,0000,0000,,D. Before going into the\Ncomplete detailed review,
Dialogue: 0,0:16:29.51,0:16:34.01,Default,,0000,0000,0000,,as given here, the\Nappropriate option would
Dialogue: 0,0:16:34.01,0:16:37.19,Default,,0000,0000,0000,,be to review the system software\Nas relevant to the review,
Dialogue: 0,0:16:37.19,0:16:40.61,Default,,0000,0000,0000,,and recommend a\Ndetailed system software
Dialogue: 0,0:16:40.61,0:16:44.61,Default,,0000,0000,0000,,review for which an additional\Nresources may be recommended.
Dialogue: 0,0:16:44.61,0:16:48.96,Default,,0000,0000,0000,,So the answer might be\Nextremely similar to what B is,
Dialogue: 0,0:16:48.96,0:16:50.72,Default,,0000,0000,0000,,but the difference\Nis that you need
Dialogue: 0,0:16:50.72,0:16:53.39,Default,,0000,0000,0000,,to know where your\Nscope is going to go
Dialogue: 0,0:16:53.39,0:16:57.18,Default,,0000,0000,0000,,and how you are going to\Nplan the audit accordingly.
Dialogue: 0,0:16:57.18,0:17:00.62,Default,,0000,0000,0000,,So that is what is the defining\Nmoment for answer B and answer
Dialogue: 0,0:17:00.62,0:17:01.13,Default,,0000,0000,0000,,D.
Dialogue: 0,0:17:01.13,0:17:05.55,Default,,0000,0000,0000,,So again, answer A and answer\NC is completely irrelevant.
Dialogue: 0,0:17:05.55,0:17:07.61,Default,,0000,0000,0000,,You can take it off the radar.
Dialogue: 0,0:17:07.61,0:17:09.71,Default,,0000,0000,0000,,Definitely nobody\Nhas given answer
Dialogue: 0,0:17:09.71,0:17:11.57,Default,,0000,0000,0000,,A or C. That is a good sign.
Dialogue: 0,0:17:11.57,0:17:16.40,Default,,0000,0000,0000,,Because as I told, we need to\Neliminate these two options
Dialogue: 0,0:17:16.40,0:17:19.19,Default,,0000,0000,0000,,very clearly, in terms\Nof how we are going
Dialogue: 0,0:17:19.19,0:17:21.47,Default,,0000,0000,0000,,to understand this whole thing.
Dialogue: 0,0:17:21.47,0:17:24.56,Default,,0000,0000,0000,,So which of the following\Nis the most important reason
Dialogue: 0,0:17:24.56,0:17:28.19,Default,,0000,0000,0000,,why an audit planning\Nprocess should be reviewed
Dialogue: 0,0:17:28.19,0:17:30.23,Default,,0000,0000,0000,,at a periodic interval?
Dialogue: 0,0:17:30.23,0:17:33.17,Default,,0000,0000,0000,,To plan for a deployment of\Navailable audit resources,
Dialogue: 0,0:17:33.17,0:17:35.70,Default,,0000,0000,0000,,to consider changes to\Nthe risk environment,
Dialogue: 0,0:17:35.70,0:17:38.51,Default,,0000,0000,0000,,to provide inputs for\Ndocumentation of audit charter,
Dialogue: 0,0:17:38.51,0:17:42.38,Default,,0000,0000,0000,,to identify applicable\NIS standards.
Dialogue: 0,0:17:42.38,0:17:47.81,Default,,0000,0000,0000,,So again, the answer is B. Let\Nus look at the explanation that
Dialogue: 0,0:17:47.81,0:17:49.02,Default,,0000,0000,0000,,is given over here.
Dialogue: 0,0:17:49.02,0:17:52.19,Default,,0000,0000,0000,,So short-term and\Nlong-term issues
Dialogue: 0,0:17:52.19,0:17:54.68,Default,,0000,0000,0000,,drive the audit planning\Ncan be heavily impacted
Dialogue: 0,0:17:54.68,0:17:58.88,Default,,0000,0000,0000,,to the changes in the risk\Nenvironment, technologies,
Dialogue: 0,0:17:58.88,0:18:00.69,Default,,0000,0000,0000,,business processes\Nof the enterprise.
Dialogue: 0,0:18:00.69,0:18:03.95,Default,,0000,0000,0000,,This is well set, in terms\Nof the risk environment
Dialogue: 0,0:18:03.95,0:18:07.23,Default,,0000,0000,0000,,changes quite dynamically\Nfor some businesses.
Dialogue: 0,0:18:07.23,0:18:09.92,Default,,0000,0000,0000,,So what might be considered\Nas a risk today might not
Dialogue: 0,0:18:09.92,0:18:10.80,Default,,0000,0000,0000,,be risk tomorrow.
Dialogue: 0,0:18:10.80,0:18:13.25,Default,,0000,0000,0000,,What might be not\Nconsidered as risk today
Dialogue: 0,0:18:13.25,0:18:15.17,Default,,0000,0000,0000,,will be a risk tomorrow.
Dialogue: 0,0:18:15.17,0:18:19.04,Default,,0000,0000,0000,,So in terms of planning for the\Ndocument of available resources,
Dialogue: 0,0:18:19.04,0:18:21.24,Default,,0000,0000,0000,,it's determined by the\Naudit assignments plan.
Dialogue: 0,0:18:21.24,0:18:23.45,Default,,0000,0000,0000,,The option is\Ncompletely not relevant.
Dialogue: 0,0:18:23.45,0:18:25.82,Default,,0000,0000,0000,,Again, the option\NC is something--
Dialogue: 0,0:18:25.82,0:18:28.92,Default,,0000,0000,0000,,is a mandate from\Nthe top management.
Dialogue: 0,0:18:28.92,0:18:32.93,Default,,0000,0000,0000,,It is not something-- the\Nrisk assessment, or any kind
Dialogue: 0,0:18:32.93,0:18:35.69,Default,,0000,0000,0000,,of things is not\Ngoing to-- planning
Dialogue: 0,0:18:35.69,0:18:38.21,Default,,0000,0000,0000,,is not going to have any\Nimpact on the audit trail
Dialogue: 0,0:18:38.21,0:18:40.86,Default,,0000,0000,0000,,because it's a top\Nmanagement mandate.
Dialogue: 0,0:18:40.86,0:18:44.18,Default,,0000,0000,0000,,And D, applicability of\NIS standards, guidelines
Dialogue: 0,0:18:44.18,0:18:47.76,Default,,0000,0000,0000,,and procedures is universal\Nto any audit engagement.
Dialogue: 0,0:18:47.76,0:18:50.00,Default,,0000,0000,0000,,It is not specific\Nto any audit and not
Dialogue: 0,0:18:50.00,0:18:52.32,Default,,0000,0000,0000,,influenced by the short-term\Nand long-term issues.
Dialogue: 0,0:18:52.32,0:18:55.05,Default,,0000,0000,0000,,Again, when I talk about\Nshort-term and long-term issues,
Dialogue: 0,0:18:55.05,0:18:59.67,Default,,0000,0000,0000,,so probably we might be having\Nsome IT deployment happening,
Dialogue: 0,0:18:59.67,0:19:01.76,Default,,0000,0000,0000,,so which might change\Nthe risk posture.
Dialogue: 0,0:19:01.76,0:19:04.71,Default,,0000,0000,0000,,And classic example\Nis the COVID.
Dialogue: 0,0:19:04.71,0:19:07.77,Default,,0000,0000,0000,,So in COVID, people\Nare working from home.
Dialogue: 0,0:19:07.77,0:19:11.99,Default,,0000,0000,0000,,The risk environment changes\Nfrom being in the office space
Dialogue: 0,0:19:11.99,0:19:13.08,Default,,0000,0000,0000,,to home space.
Dialogue: 0,0:19:13.08,0:19:14.57,Default,,0000,0000,0000,,What are all the\Nrisk environment
Dialogue: 0,0:19:14.57,0:19:15.78,Default,,0000,0000,0000,,that is going to happen?
Dialogue: 0,0:19:15.78,0:19:19.27,Default,,0000,0000,0000,,So if anybody has access to\Nprinters, say for an example,
Dialogue: 0,0:19:19.27,0:19:21.23,Default,,0000,0000,0000,,a person might be connecting\Ntheir home printer
Dialogue: 0,0:19:21.23,0:19:25.38,Default,,0000,0000,0000,,to their laptop or PC, print\Nsome confidential documents,
Dialogue: 0,0:19:25.38,0:19:27.69,Default,,0000,0000,0000,,so the risk posture is\Ncompletely changing.
Dialogue: 0,0:19:27.69,0:19:29.42,Default,,0000,0000,0000,,So that is the\Nreason why we need
Dialogue: 0,0:19:29.42,0:19:32.18,Default,,0000,0000,0000,,to have planning, that\Nneeds to be detailed,
Dialogue: 0,0:19:32.18,0:19:33.53,Default,,0000,0000,0000,,done before the audit.
Dialogue: 0,0:19:33.53,0:19:36.56,Default,,0000,0000,0000,,So which of the following\Nis the most effective
Dialogue: 0,0:19:36.56,0:19:38.81,Default,,0000,0000,0000,,for implementing\Ncontrol self-assessment
Dialogue: 0,0:19:38.81,0:19:40.53,Default,,0000,0000,0000,,within small business unit?
Dialogue: 0,0:19:40.53,0:19:43.53,Default,,0000,0000,0000,,Informal peer reviews,\Nfacilitated workshops,
Dialogue: 0,0:19:43.53,0:19:47.15,Default,,0000,0000,0000,,process flow narratives,\Ndata flow diagrams?
Dialogue: 0,0:19:47.15,0:19:50.00,Default,,0000,0000,0000,,So say for an example,\Nso I will tell you
Dialogue: 0,0:19:50.00,0:19:52.67,Default,,0000,0000,0000,,the correct answer,\Nwhich is B. So when
Dialogue: 0,0:19:52.67,0:19:55.83,Default,,0000,0000,0000,,we are going-- you know the\Nanswer reasoning over here,
Dialogue: 0,0:19:55.83,0:19:56.88,Default,,0000,0000,0000,,let me not explain it.
Dialogue: 0,0:19:56.88,0:19:59.90,Default,,0000,0000,0000,,But I'll give you a different\Nperspective over here.
Dialogue: 0,0:19:59.90,0:20:02.18,Default,,0000,0000,0000,,Out of the four\Noptions actually, I
Dialogue: 0,0:20:02.18,0:20:04.16,Default,,0000,0000,0000,,feel that three are\Nactually correct
Dialogue: 0,0:20:04.16,0:20:07.19,Default,,0000,0000,0000,,for this particular\Nquestion because not at two,
Dialogue: 0,0:20:07.19,0:20:08.61,Default,,0000,0000,0000,,but three are correct.
Dialogue: 0,0:20:08.61,0:20:10.31,Default,,0000,0000,0000,,But which is the most important?
Dialogue: 0,0:20:10.31,0:20:13.19,Default,,0000,0000,0000,,When you say is that,\Nthe facilitated workshop
Dialogue: 0,0:20:13.19,0:20:16.31,Default,,0000,0000,0000,,comes into the mind because\Nof very simple fact,
Dialogue: 0,0:20:16.31,0:20:19.07,Default,,0000,0000,0000,,because the control\Nself assessments are not
Dialogue: 0,0:20:19.07,0:20:23.03,Default,,0000,0000,0000,,performed by a seasoned auditor\Nor by a seasoned or a control
Dialogue: 0,0:20:23.03,0:20:23.91,Default,,0000,0000,0000,,of people.
Dialogue: 0,0:20:23.91,0:20:26.96,Default,,0000,0000,0000,,They are being performed by the\Nbusiness themselves directly,
Dialogue: 0,0:20:26.96,0:20:29.15,Default,,0000,0000,0000,,to assess how the control\Nposture is there, how
Dialogue: 0,0:20:29.15,0:20:30.69,Default,,0000,0000,0000,,the risk posture is everything.
Dialogue: 0,0:20:30.69,0:20:34.44,Default,,0000,0000,0000,,So what happens here is\Nyou need to train them.
Dialogue: 0,0:20:34.44,0:20:38.03,Default,,0000,0000,0000,,We have to train them\Ncorrectly to identify
Dialogue: 0,0:20:38.03,0:20:40.10,Default,,0000,0000,0000,,what they are\Nsupposed to do, how
Dialogue: 0,0:20:40.10,0:20:42.36,Default,,0000,0000,0000,,they are supposed to\Ncheck for control weakness
Dialogue: 0,0:20:42.36,0:20:43.86,Default,,0000,0000,0000,,and how they are\Ngoing to report it.
Dialogue: 0,0:20:43.86,0:20:46.47,Default,,0000,0000,0000,,And that is by far the\Nmost effective way.
Dialogue: 0,0:20:46.47,0:20:50.39,Default,,0000,0000,0000,,But again, the process\Nflow diagrams is important.
Dialogue: 0,0:20:50.39,0:20:52.95,Default,,0000,0000,0000,,While doing this\Nfacilitated workshops,
Dialogue: 0,0:20:52.95,0:20:56.99,Default,,0000,0000,0000,,there will be process flow\Ndiagrams and data flow diagrams
Dialogue: 0,0:20:56.99,0:20:58.52,Default,,0000,0000,0000,,and narratives.
Dialogue: 0,0:20:58.52,0:21:00.72,Default,,0000,0000,0000,,These things are very\Nimportant in terms of,
Dialogue: 0,0:21:00.72,0:21:03.33,Default,,0000,0000,0000,,to give more added perspective.
Dialogue: 0,0:21:03.33,0:21:05.57,Default,,0000,0000,0000,,But again, that is\Nnot the only thing
Dialogue: 0,0:21:05.57,0:21:07.53,Default,,0000,0000,0000,,that is required over here.
Dialogue: 0,0:21:07.53,0:21:11.54,Default,,0000,0000,0000,,What we require over here\Nis in terms of identifying
Dialogue: 0,0:21:11.54,0:21:13.64,Default,,0000,0000,0000,,the most best option.
Dialogue: 0,0:21:13.64,0:21:16.10,Default,,0000,0000,0000,,So the next question.
Dialogue: 0,0:21:16.10,0:21:20.30,Default,,0000,0000,0000,,So which of the following would\Nan IS auditor perform the first
Dialogue: 0,0:21:20.30,0:21:21.62,Default,,0000,0000,0000,,when planning an IS audit?
Dialogue: 0,0:21:21.62,0:21:25.83,Default,,0000,0000,0000,,Define the audit deliverables,\Nfinalize the scope and the audit
Dialogue: 0,0:21:25.83,0:21:28.53,Default,,0000,0000,0000,,objectives, gain an\Nunderstanding of the business
Dialogue: 0,0:21:28.53,0:21:31.14,Default,,0000,0000,0000,,objectives and purpose,\Ndevelop the audit approach
Dialogue: 0,0:21:31.14,0:21:33.24,Default,,0000,0000,0000,,of the strategy?
Dialogue: 0,0:21:33.24,0:21:35.31,Default,,0000,0000,0000,,The C is correct answer,\Ngain an understanding
Dialogue: 0,0:21:35.31,0:21:36.97,Default,,0000,0000,0000,,of business objectives\Nand purpose.
Dialogue: 0,0:21:36.97,0:21:38.74,Default,,0000,0000,0000,,So the reason is very simple.
Dialogue: 0,0:21:38.74,0:21:41.97,Default,,0000,0000,0000,,So what we need to understand,\Nin terms of business mission
Dialogue: 0,0:21:41.97,0:21:45.15,Default,,0000,0000,0000,,objectives, purpose,\Nwhich in turn
Dialogue: 0,0:21:45.15,0:21:47.86,Default,,0000,0000,0000,,identifies to the policy,\Nstandards, guidelines,
Dialogue: 0,0:21:47.86,0:21:52.38,Default,,0000,0000,0000,,procedures, everything, because\Nit is very important to gain
Dialogue: 0,0:21:52.38,0:21:53.86,Default,,0000,0000,0000,,an understanding of business.
Dialogue: 0,0:21:53.86,0:21:57.60,Default,,0000,0000,0000,,Say for an example, if we are\Nin a pen drive manufacturing
Dialogue: 0,0:21:57.60,0:22:02.01,Default,,0000,0000,0000,,company, their core mission\Nis to manufacture a pen drive
Dialogue: 0,0:22:02.01,0:22:03.79,Default,,0000,0000,0000,,and test pen drive\Nand use pen drive.
Dialogue: 0,0:22:03.79,0:22:08.31,Default,,0000,0000,0000,,And you cannot say that the use\Nof pen drive or external drives
Dialogue: 0,0:22:08.31,0:22:10.27,Default,,0000,0000,0000,,is prohibited inside\Nthe organization.
Dialogue: 0,0:22:10.27,0:22:12.06,Default,,0000,0000,0000,,That will be the\Nmost absurd thing.
Dialogue: 0,0:22:12.06,0:22:14.56,Default,,0000,0000,0000,,And in Facebook, if you\Nare auditing Facebook,
Dialogue: 0,0:22:14.56,0:22:16.80,Default,,0000,0000,0000,,you cannot go and say that\Nviewing Facebook inside
Dialogue: 0,0:22:16.80,0:22:18.69,Default,,0000,0000,0000,,the Facebook office\Nis restricted.
Dialogue: 0,0:22:18.69,0:22:22.56,Default,,0000,0000,0000,,Of course, it can be\Nlimited to view and to view
Dialogue: 0,0:22:22.56,0:22:23.53,Default,,0000,0000,0000,,your personal account.
Dialogue: 0,0:22:23.53,0:22:25.41,Default,,0000,0000,0000,,But it will be so\Nabsurd when we say
Dialogue: 0,0:22:25.41,0:22:26.85,Default,,0000,0000,0000,,all these things\Ninside the office
Dialogue: 0,0:22:26.85,0:22:28.18,Default,,0000,0000,0000,,that they are trying to work on.
Dialogue: 0,0:22:28.18,0:22:30.12,Default,,0000,0000,0000,,So that can be an\Nexplanation that
Dialogue: 0,0:22:30.12,0:22:31.48,Default,,0000,0000,0000,,can be given to this answer.
Dialogue: 0,0:22:31.48,0:22:35.27,Default,,0000,0000,0000,,But again, I would like everyone\Nto go through the other options
Dialogue: 0,0:22:35.27,0:22:35.77,Default,,0000,0000,0000,,as well.
Dialogue: 0,0:22:35.77,0:22:38.58,Default,,0000,0000,0000,,Defining the audit\Ndeliverables is
Dialogue: 0,0:22:38.58,0:22:41.28,Default,,0000,0000,0000,,dependent upon a thorough\Nunderstanding of business
Dialogue: 0,0:22:41.28,0:22:45.06,Default,,0000,0000,0000,,objects, A, B, and\ND. Because as I told,
Dialogue: 0,0:22:45.06,0:22:48.45,Default,,0000,0000,0000,,every option is important,\Nthough it may not
Dialogue: 0,0:22:48.45,0:22:50.56,Default,,0000,0000,0000,,be relevant to this\Nparticular question,
Dialogue: 0,0:22:50.56,0:22:52.14,Default,,0000,0000,0000,,some other question\Nthat might be
Dialogue: 0,0:22:52.14,0:22:55.74,Default,,0000,0000,0000,,relevant to this particular\Noption will be arising tomorrow.
Dialogue: 0,0:22:55.74,0:22:58.56,Default,,0000,0000,0000,,So the last question\Nin the domain 1
Dialogue: 0,0:22:58.56,0:23:01.38,Default,,0000,0000,0000,,is, again, the next question.
Dialogue: 0,0:23:01.38,0:23:05.64,Default,,0000,0000,0000,,An organization performs a\Ndaily backup of critical data
Dialogue: 0,0:23:05.64,0:23:07.80,Default,,0000,0000,0000,,and software files and\Nstores in the backup tapes
Dialogue: 0,0:23:07.80,0:23:09.25,Default,,0000,0000,0000,,at an offsite location.
Dialogue: 0,0:23:09.25,0:23:12.60,Default,,0000,0000,0000,,The backup tapes are used\Nto restore the software
Dialogue: 0,0:23:12.60,0:23:14.20,Default,,0000,0000,0000,,in case of disruption.
Dialogue: 0,0:23:14.20,0:23:17.22,Default,,0000,0000,0000,,This is an example of a\Npreventive control, management
Dialogue: 0,0:23:17.22,0:23:21.66,Default,,0000,0000,0000,,control, corrective control,\Nand detective control?
Dialogue: 0,0:23:21.66,0:23:23.25,Default,,0000,0000,0000,,The correct answer\Nis actually C.
Dialogue: 0,0:23:23.25,0:23:27.00,Default,,0000,0000,0000,,So you cannot avert a particular\Ndisaster being happening.
Dialogue: 0,0:23:27.00,0:23:29.68,Default,,0000,0000,0000,,If you can avert that particular\Ndisaster being happening,
Dialogue: 0,0:23:29.68,0:23:31.09,Default,,0000,0000,0000,,that is a preventive control.
Dialogue: 0,0:23:31.09,0:23:35.88,Default,,0000,0000,0000,,But a corrective control is\Nset up-- a BCP is a critical--
Dialogue: 0,0:23:35.88,0:23:38.91,Default,,0000,0000,0000,,a DRP and a BCP are\Nthe best examples
Dialogue: 0,0:23:38.91,0:23:40.23,Default,,0000,0000,0000,,that I can give over here.
Dialogue: 0,0:23:40.23,0:23:41.98,Default,,0000,0000,0000,,It is actually a\Ncorrective control.
Dialogue: 0,0:23:41.98,0:23:43.33,Default,,0000,0000,0000,,It is not a preventive control.
Dialogue: 0,0:23:43.33,0:23:46.02,Default,,0000,0000,0000,,So say for an example, a\Ncouple of years, Chennai
Dialogue: 0,0:23:46.02,0:23:48.49,Default,,0000,0000,0000,,floods happened in 2015.
Dialogue: 0,0:23:48.49,0:23:50.13,Default,,0000,0000,0000,,That cannot be averted.
Dialogue: 0,0:23:50.13,0:23:52.17,Default,,0000,0000,0000,,And the pandemic, right\Nnow we are in a pandemic,
Dialogue: 0,0:23:52.17,0:23:53.29,Default,,0000,0000,0000,,that cannot be averted.
Dialogue: 0,0:23:53.29,0:23:58.47,Default,,0000,0000,0000,,But what we can do is a\Ncorrective control and approach
Dialogue: 0,0:23:58.47,0:23:59.02,Default,,0000,0000,0000,,towards it.
Dialogue: 0,0:23:59.02,0:24:01.89,Default,,0000,0000,0000,,So as the answer\Noutlines over here, A,
Dialogue: 0,0:24:01.89,0:24:04.47,Default,,0000,0000,0000,,preventive controls are\Nthose that avert the problems
Dialogue: 0,0:24:04.47,0:24:05.50,Default,,0000,0000,0000,,before they arise.
Dialogue: 0,0:24:05.50,0:24:09.41,Default,,0000,0000,0000,,Backup tapes cannot be used to\Nprevent damages for the files
Dialogue: 0,0:24:09.41,0:24:11.49,Default,,0000,0000,0000,,and therefore cannot be\Nclassified as a preventive
Dialogue: 0,0:24:11.49,0:24:12.22,Default,,0000,0000,0000,,control.
Dialogue: 0,0:24:12.22,0:24:15.01,Default,,0000,0000,0000,,Management controls modify\Nand processing systems,
Dialogue: 0,0:24:15.01,0:24:18.24,Default,,0000,0000,0000,,which is completely\Nirrelevant to this context.
Dialogue: 0,0:24:18.24,0:24:21.48,Default,,0000,0000,0000,,C, a corrective control\Nhelps to correct or minimize
Dialogue: 0,0:24:21.48,0:24:22.99,Default,,0000,0000,0000,,the impact of a problem.
Dialogue: 0,0:24:22.99,0:24:24.33,Default,,0000,0000,0000,,Backup tapes are such.
Dialogue: 0,0:24:24.33,0:24:26.97,Default,,0000,0000,0000,,So detective controls,\Nagain, it is not
Dialogue: 0,0:24:26.97,0:24:28.68,Default,,0000,0000,0000,,completely relevant\Nto this answer, which
Dialogue: 0,0:24:28.68,0:24:31.59,Default,,0000,0000,0000,,is going to only help in\Nterms of detecting a problem
Dialogue: 0,0:24:31.59,0:24:32.74,Default,,0000,0000,0000,,after it has arised.
Dialogue: 0,0:24:32.74,0:24:35.26,Default,,0000,0000,0000,,So detective controls\Ncan be in auditing.
Dialogue: 0,0:24:35.26,0:24:36.64,Default,,0000,0000,0000,,Auditing is a detective control.
Dialogue: 0,0:24:36.64,0:24:38.38,Default,,0000,0000,0000,,Best detective control\Nis an auditing.
Dialogue: 0,0:24:38.38,0:24:40.54,Default,,0000,0000,0000,,And a management\Ncontrol is something--
Dialogue: 0,0:24:40.54,0:24:43.89,Default,,0000,0000,0000,,if I can give an\Nexample of, in terms
Dialogue: 0,0:24:43.89,0:24:46.87,Default,,0000,0000,0000,,of recurrence of a problem,\Na processing system.
Dialogue: 0,0:24:46.87,0:24:48.90,Default,,0000,0000,0000,,Say for an example, that's--
Dialogue: 0,0:24:48.90,0:24:50.79,Default,,0000,0000,0000,,it is management controls again.
Dialogue: 0,0:24:50.79,0:24:53.79,Default,,0000,0000,0000,,The management controls are put\Nin place so that you cannot edit
Dialogue: 0,0:24:53.79,0:24:56.14,Default,,0000,0000,0000,,few items or view-only options.
Dialogue: 0,0:24:56.14,0:24:57.90,Default,,0000,0000,0000,,And those kind of\Ncontrols are also
Dialogue: 0,0:24:57.90,0:24:59.88,Default,,0000,0000,0000,,called as a management\Ncontrol, that is,
Dialogue: 0,0:24:59.88,0:25:01.87,Default,,0000,0000,0000,,to repeat the\Noccurrence of a problem.
Dialogue: 0,0:25:01.87,0:25:04.89,Default,,0000,0000,0000,,So that nobody even\Ntouches something
Dialogue: 0,0:25:04.89,0:25:06.93,Default,,0000,0000,0000,,so that it doesn't\Ngo wrong again.
Dialogue: 0,0:25:06.93,0:25:10.29,Default,,0000,0000,0000,,So this is the end of domain 1.
Dialogue: 0,0:25:10.29,0:25:14.76,Default,,0000,0000,0000,,So now we are going\Ninto the domain 2.
Dialogue: 0,0:25:14.76,0:25:17.33,Default,,0000,0000,0000,,So now we are able to see\Nthe domain to first question.
Dialogue: 0,0:25:17.33,0:25:20.62,Default,,0000,0000,0000,,So in order for the management\Nto effectively monitor
Dialogue: 0,0:25:20.62,0:25:23.02,Default,,0000,0000,0000,,and compliance of the\Nprocesses, applications,
Dialogue: 0,0:25:23.02,0:25:24.98,Default,,0000,0000,0000,,which of the following\Nwould be the most ideal?
Dialogue: 0,0:25:24.98,0:25:27.65,Default,,0000,0000,0000,,A central document repository,\Na knowledge management system,
Dialogue: 0,0:25:27.65,0:25:30.22,Default,,0000,0000,0000,,a dashboard, and a benchmarking?
Dialogue: 0,0:25:30.22,0:25:32.57,Default,,0000,0000,0000,,So the correct answer\Nis C, dashboard.
Dialogue: 0,0:25:32.57,0:25:35.20,Default,,0000,0000,0000,,So dashboard provides\Na set of information
Dialogue: 0,0:25:35.20,0:25:37.39,Default,,0000,0000,0000,,to illustrate compliance\Nof the processes,
Dialogue: 0,0:25:37.39,0:25:40.57,Default,,0000,0000,0000,,like how KRAs, KPIs\Nare going to be
Dialogue: 0,0:25:40.57,0:25:42.79,Default,,0000,0000,0000,,there, and the configurable\Nelements to keep
Dialogue: 0,0:25:42.79,0:25:43.97,Default,,0000,0000,0000,,the enterprise on course.
Dialogue: 0,0:25:43.97,0:25:47.63,Default,,0000,0000,0000,,So if you are going to deviate\Nif the matrix is not achieved,
Dialogue: 0,0:25:47.63,0:25:50.03,Default,,0000,0000,0000,,so the management will\Nbe definitely informed.
Dialogue: 0,0:25:50.03,0:25:53.80,Default,,0000,0000,0000,,So why not A, B and D?
Dialogue: 0,0:25:53.80,0:25:55.07,Default,,0000,0000,0000,,Any perspective?
Dialogue: 0,0:25:55.07,0:25:57.61,Default,,0000,0000,0000,,Again, that is given over here.
Dialogue: 0,0:25:57.61,0:25:59.74,Default,,0000,0000,0000,,In terms of\Nbenchmarking, option D,
Dialogue: 0,0:25:59.74,0:26:01.81,Default,,0000,0000,0000,,it provides an information\Nto help the management
Dialogue: 0,0:26:01.81,0:26:04.03,Default,,0000,0000,0000,,to adapt the organization\Nin a timely manner,
Dialogue: 0,0:26:04.03,0:26:05.99,Default,,0000,0000,0000,,according to the trends\Nand the environment,
Dialogue: 0,0:26:05.99,0:26:08.09,Default,,0000,0000,0000,,so what the other\Norganization is doing.
Dialogue: 0,0:26:08.09,0:26:10.52,Default,,0000,0000,0000,,So if I am in a big\Nfour organization,
Dialogue: 0,0:26:10.52,0:26:13.63,Default,,0000,0000,0000,,so what my peers are, what\Nmy competitors are doing,
Dialogue: 0,0:26:13.63,0:26:17.67,Default,,0000,0000,0000,,EY, Deloitte, KPMG, and PWC,\Nwhat they are going to do.
Dialogue: 0,0:26:17.67,0:26:23.55,Default,,0000,0000,0000,,And that will be the context in\Nwhich I will be benchmarking.
Dialogue: 0,0:26:23.55,0:26:26.22,Default,,0000,0000,0000,,And A and B, A is nothing\Nbut a document repository.
Dialogue: 0,0:26:26.22,0:26:29.40,Default,,0000,0000,0000,,That doesn't provide\Nany specific information
Dialogue: 0,0:26:29.40,0:26:31.95,Default,,0000,0000,0000,,on how the controls are\Nbeing performed, how
Dialogue: 0,0:26:31.95,0:26:33.73,Default,,0000,0000,0000,,the compliance is being done.
Dialogue: 0,0:26:33.73,0:26:37.42,Default,,0000,0000,0000,,A knowledge management system\Nprovides a valuable information,
Dialogue: 0,0:26:37.42,0:26:40.02,Default,,0000,0000,0000,,but it is generally not used by\Nthe management for compliance
Dialogue: 0,0:26:40.02,0:26:40.69,Default,,0000,0000,0000,,purposes.
Dialogue: 0,0:26:40.69,0:26:44.01,Default,,0000,0000,0000,,Again, a KMS is nothing,\Nbut in terms of--
Dialogue: 0,0:26:44.01,0:26:45.93,Default,,0000,0000,0000,,it will not provide\Nany specifics
Dialogue: 0,0:26:45.93,0:26:48.28,Default,,0000,0000,0000,,on how the control\Nis being performing,
Dialogue: 0,0:26:48.28,0:26:50.02,Default,,0000,0000,0000,,how the compliance\Nhas been performing.
Dialogue: 0,0:26:50.02,0:26:52.59,Default,,0000,0000,0000,,So that again, the important\Nthing in this question
Dialogue: 0,0:26:52.59,0:26:55.66,Default,,0000,0000,0000,,is that, effectively\Nmonitor and the most ideal.
Dialogue: 0,0:26:55.66,0:26:59.01,Default,,0000,0000,0000,,So when I say most ideal, most\Nideal, I think benchmarking
Dialogue: 0,0:26:59.01,0:27:01.86,Default,,0000,0000,0000,,and dashboard is the\Ntwo options, which
Dialogue: 0,0:27:01.86,0:27:03.40,Default,,0000,0000,0000,,I will be choosing in the last.
Dialogue: 0,0:27:03.40,0:27:05.73,Default,,0000,0000,0000,,But again, among\Nthese C and D, what
Dialogue: 0,0:27:05.73,0:27:07.83,Default,,0000,0000,0000,,is an important thing\Nwill be the D because it
Dialogue: 0,0:27:07.83,0:27:11.56,Default,,0000,0000,0000,,gives the accurate information\Non how my organization is doing.
Dialogue: 0,0:27:11.56,0:27:15.56,Default,,0000,0000,0000,,But the next question will be,\Nmy organization is doing good,
Dialogue: 0,0:27:15.56,0:27:17.54,Default,,0000,0000,0000,,but what about\Nrest of the others?
Dialogue: 0,0:27:17.54,0:27:21.31,Default,,0000,0000,0000,,That is where the benchmarking\Ncomes into the picture.
Dialogue: 0,0:27:21.31,0:27:24.01,Default,,0000,0000,0000,,The next question is,\Nwhich of the following
Dialogue: 0,0:27:24.01,0:27:27.29,Default,,0000,0000,0000,,best describes the IT department\Nstrategic planning process?
Dialogue: 0,0:27:27.29,0:27:30.67,Default,,0000,0000,0000,,An IT department will have\Neither short and long-range
Dialogue: 0,0:27:30.67,0:27:33.55,Default,,0000,0000,0000,,plans, depending upon\Norganization's broader
Dialogue: 0,0:27:33.55,0:27:35.09,Default,,0000,0000,0000,,plans and objectives.
Dialogue: 0,0:27:35.09,0:27:36.82,Default,,0000,0000,0000,,IT department\Nstrategic plan must
Dialogue: 0,0:27:36.82,0:27:38.81,Default,,0000,0000,0000,,be time- and project-oriented.
Dialogue: 0,0:27:38.81,0:27:43.12,Default,,0000,0000,0000,,So not detailed plans to address\Nand help determine priorities
Dialogue: 0,0:27:43.12,0:27:44.95,Default,,0000,0000,0000,,to meet the business needs.
Dialogue: 0,0:27:44.95,0:27:47.71,Default,,0000,0000,0000,,Long-range planning\Nfor IT department
Dialogue: 0,0:27:47.71,0:27:49.70,Default,,0000,0000,0000,,should recognize the\Norganizational goals,
Dialogue: 0,0:27:49.70,0:27:53.17,Default,,0000,0000,0000,,technological advances and\Nregulatory requirements.
Dialogue: 0,0:27:53.17,0:27:56.41,Default,,0000,0000,0000,,And D will be\Nshort-range planning
Dialogue: 0,0:27:56.41,0:27:58.45,Default,,0000,0000,0000,,for the IT department\Ndoes not need
Dialogue: 0,0:27:58.45,0:28:01.21,Default,,0000,0000,0000,,to be integrated to\Nthe short-range plans
Dialogue: 0,0:28:01.21,0:28:03.85,Default,,0000,0000,0000,,of the organization since\Ntechnological advances will
Dialogue: 0,0:28:03.85,0:28:07.06,Default,,0000,0000,0000,,drive the IT organization's\Nplans much quicker
Dialogue: 0,0:28:07.06,0:28:08.83,Default,,0000,0000,0000,,than the organization plans.
Dialogue: 0,0:28:08.83,0:28:11.76,Default,,0000,0000,0000,,I think this is a little\Nbit complicated questions.
Dialogue: 0,0:28:11.76,0:28:15.02,Default,,0000,0000,0000,,But the answer is\Nvery, very simple.
Dialogue: 0,0:28:15.02,0:28:17.33,Default,,0000,0000,0000,,So in order for\Nthis to understand--
Dialogue: 0,0:28:17.33,0:28:20.30,Default,,0000,0000,0000,,the correct answer is,\Nof course, C. So in order
Dialogue: 0,0:28:20.30,0:28:23.07,Default,,0000,0000,0000,,for you to understand\Nthis particular question,
Dialogue: 0,0:28:23.07,0:28:25.16,Default,,0000,0000,0000,,you need to understand\Ntwo things over here.
Dialogue: 0,0:28:25.16,0:28:27.74,Default,,0000,0000,0000,,You need to understand what does\Nthe strategic planning refers
Dialogue: 0,0:28:27.74,0:28:28.24,Default,,0000,0000,0000,,to.
Dialogue: 0,0:28:28.24,0:28:30.36,Default,,0000,0000,0000,,A strategic planning is\Nalways a long-term plan,
Dialogue: 0,0:28:30.36,0:28:32.28,Default,,0000,0000,0000,,which is more than--
Dialogue: 0,0:28:32.28,0:28:36.98,Default,,0000,0000,0000,,it has been more than one year\Nand derived for five years.
Dialogue: 0,0:28:36.98,0:28:38.79,Default,,0000,0000,0000,,So that is strategic planning.
Dialogue: 0,0:28:38.79,0:28:40.50,Default,,0000,0000,0000,,There is always a\Ntactical planning.
Dialogue: 0,0:28:40.50,0:28:42.17,Default,,0000,0000,0000,,Tactical planning\Nrefers to what you are
Dialogue: 0,0:28:42.17,0:28:43.46,Default,,0000,0000,0000,,going to achieve in one year.
Dialogue: 0,0:28:43.46,0:28:46.82,Default,,0000,0000,0000,,And operational planning, it\Nis anything below one year.
Dialogue: 0,0:28:46.82,0:28:49.74,Default,,0000,0000,0000,,so for a few months,\Nfor few quarters,
Dialogue: 0,0:28:49.74,0:28:51.66,Default,,0000,0000,0000,,that is going to be your\Noperational planning.
Dialogue: 0,0:28:51.66,0:28:54.59,Default,,0000,0000,0000,,So what happens here is the\Nquestion specifically asked
Dialogue: 0,0:28:54.59,0:28:56.43,Default,,0000,0000,0000,,about strategic planning.
Dialogue: 0,0:28:56.43,0:28:59.81,Default,,0000,0000,0000,,In that context,\Noption A or B is
Dialogue: 0,0:28:59.81,0:29:02.30,Default,,0000,0000,0000,,going to be\Ndefinitely eliminated
Dialogue: 0,0:29:02.30,0:29:05.27,Default,,0000,0000,0000,,because option A talks\Nabout short and long range.
Dialogue: 0,0:29:05.27,0:29:07.10,Default,,0000,0000,0000,,Short-term plans\Nare either going
Dialogue: 0,0:29:07.10,0:29:09.50,Default,,0000,0000,0000,,to be operational or\Ntactical plans, which
Dialogue: 0,0:29:09.50,0:29:11.66,Default,,0000,0000,0000,,is not in this context\Nof this question.
Dialogue: 0,0:29:11.66,0:29:13.99,Default,,0000,0000,0000,,And again, these again\Nare eliminated because
Dialogue: 0,0:29:13.99,0:29:15.17,Default,,0000,0000,0000,,of the short-range planning.
Dialogue: 0,0:29:15.17,0:29:16.80,Default,,0000,0000,0000,,Because short-range\Nplanning is, again,
Dialogue: 0,0:29:16.80,0:29:20.32,Default,,0000,0000,0000,,going to be only there for\Nthe operational and tactical,
Dialogue: 0,0:29:20.32,0:29:21.53,Default,,0000,0000,0000,,and not for the strategic.
Dialogue: 0,0:29:21.53,0:29:23.83,Default,,0000,0000,0000,,So the only answer that\Nremains in this question
Dialogue: 0,0:29:23.83,0:29:26.71,Default,,0000,0000,0000,,will be a long-range\Nplanning, which should always
Dialogue: 0,0:29:26.71,0:29:28.37,Default,,0000,0000,0000,,emphasize on\Norganizational goals,
Dialogue: 0,0:29:28.37,0:29:31.19,Default,,0000,0000,0000,,technological advancements,\Nand regulatory requirements.
Dialogue: 0,0:29:31.19,0:29:34.28,Default,,0000,0000,0000,,So that is in terms with\Nthis correct answer.
Dialogue: 0,0:29:34.28,0:29:37.51,Default,,0000,0000,0000,,Again, you need to\Nunderstand one thing
Dialogue: 0,0:29:37.51,0:29:38.90,Default,,0000,0000,0000,,before answering a question.
Dialogue: 0,0:29:38.90,0:29:42.31,Default,,0000,0000,0000,,Whenever you have\Na question, try
Dialogue: 0,0:29:42.31,0:29:45.80,Default,,0000,0000,0000,,to understand which domain\Nthey are coming in primarily.
Dialogue: 0,0:29:45.80,0:29:47.35,Default,,0000,0000,0000,,There might be a\Nsituation of two
Dialogue: 0,0:29:47.35,0:29:50.00,Default,,0000,0000,0000,,or three domains culminating\Nin one question itself,
Dialogue: 0,0:29:50.00,0:29:52.99,Default,,0000,0000,0000,,but there will be a primary\Nessence of one domain, which
Dialogue: 0,0:29:52.99,0:29:53.77,Default,,0000,0000,0000,,will be focused.
Dialogue: 0,0:29:53.77,0:29:57.52,Default,,0000,0000,0000,,In this particular question,\Nthe domain focus is only,
Dialogue: 0,0:29:57.52,0:30:00.35,Default,,0000,0000,0000,,of course, it is domain 2,\Nand the focus is domain 2.
Dialogue: 0,0:30:00.35,0:30:05.12,Default,,0000,0000,0000,,The domain 2 focuses only\Non one bang-on agenda.
Dialogue: 0,0:30:05.12,0:30:10.32,Default,,0000,0000,0000,,That is in terms of organization\Ngoals, organization's missions,
Dialogue: 0,0:30:10.32,0:30:11.97,Default,,0000,0000,0000,,organization's thing.
Dialogue: 0,0:30:11.97,0:30:14.15,Default,,0000,0000,0000,,So everything that\Nthe IT revolves--
Dialogue: 0,0:30:14.15,0:30:16.19,Default,,0000,0000,0000,,IT cannot work as a silo.
Dialogue: 0,0:30:16.19,0:30:17.73,Default,,0000,0000,0000,,It cannot work as a silo.
Dialogue: 0,0:30:17.73,0:30:20.42,Default,,0000,0000,0000,,Say for example, if your\Norganization is selling
Dialogue: 0,0:30:20.42,0:30:24.35,Default,,0000,0000,0000,,vegetables and fruits, your IT\Norganization cannot talk about
Dialogue: 0,0:30:24.35,0:30:26.75,Default,,0000,0000,0000,,implementing a\Ncloud for clients.
Dialogue: 0,0:30:26.75,0:30:28.74,Default,,0000,0000,0000,,So that is not going to happen.
Dialogue: 0,0:30:28.74,0:30:31.58,Default,,0000,0000,0000,,So that is not the\Nway the business runs.
Dialogue: 0,0:30:31.58,0:30:35.48,Default,,0000,0000,0000,,Your optimization\Nshould run in terms
Dialogue: 0,0:30:35.48,0:30:38.03,Default,,0000,0000,0000,,of how your organization is\Ngoing to sell your fruits
Dialogue: 0,0:30:38.03,0:30:38.85,Default,,0000,0000,0000,,and vegetables.
Dialogue: 0,0:30:38.85,0:30:42.44,Default,,0000,0000,0000,,They will be an\Norganic business, so
Dialogue: 0,0:30:42.44,0:30:44.55,Default,,0000,0000,0000,,how an IT acts as an enabler.
Dialogue: 0,0:30:44.55,0:30:47.37,Default,,0000,0000,0000,,So IT is only an enabler\Nof the organization.
Dialogue: 0,0:30:47.37,0:30:49.58,Default,,0000,0000,0000,,It is not something,\Nwhich is completely
Dialogue: 0,0:30:49.58,0:30:50.67,Default,,0000,0000,0000,,driving the organization.
Dialogue: 0,0:30:50.67,0:30:53.60,Default,,0000,0000,0000,,The business priorities are\Ncompletely different from what
Dialogue: 0,0:30:53.60,0:30:54.75,Default,,0000,0000,0000,,IT priorities are.
Dialogue: 0,0:30:54.75,0:30:57.57,Default,,0000,0000,0000,,So we need to align\Nour IT priorities
Dialogue: 0,0:30:57.57,0:31:00.44,Default,,0000,0000,0000,,so that the organizational\Ngoals, technological advancement
Dialogue: 0,0:31:00.44,0:31:03.89,Default,,0000,0000,0000,,and even the regulatory\Nrequirements are complied with.
Dialogue: 0,0:31:03.89,0:31:05.96,Default,,0000,0000,0000,,So the most important\Nresponsibility
Dialogue: 0,0:31:05.96,0:31:08.44,Default,,0000,0000,0000,,of data security officer\Nin an organization
Dialogue: 0,0:31:08.44,0:31:10.60,Default,,0000,0000,0000,,is, A, recommending\Nand monitoring
Dialogue: 0,0:31:10.60,0:31:13.90,Default,,0000,0000,0000,,data security policies, B,\Npromoting security awareness
Dialogue: 0,0:31:13.90,0:31:16.54,Default,,0000,0000,0000,,within the organization,\Nestablishing procedures
Dialogue: 0,0:31:16.54,0:31:19.69,Default,,0000,0000,0000,,for IT security\Npolicies, administering
Dialogue: 0,0:31:19.69,0:31:22.87,Default,,0000,0000,0000,,physical and logical\Naccess controls.
Dialogue: 0,0:31:22.87,0:31:24.62,Default,,0000,0000,0000,,The answer is A.
Dialogue: 0,0:31:24.62,0:31:25.99,Default,,0000,0000,0000,,But when I come\Nto this question,
Dialogue: 0,0:31:25.99,0:31:31.09,Default,,0000,0000,0000,,this is, again, a tricky\Nquestion because the question
Dialogue: 0,0:31:31.09,0:31:32.51,Default,,0000,0000,0000,,outlines the most important.
Dialogue: 0,0:31:32.51,0:31:34.96,Default,,0000,0000,0000,,So when we say most\Nimportant, there
Dialogue: 0,0:31:34.96,0:31:37.09,Default,,0000,0000,0000,,is always considered\Nthat there are
Dialogue: 0,0:31:37.09,0:31:39.40,Default,,0000,0000,0000,,two options which is correct,\Ntwo or more options which
Dialogue: 0,0:31:39.40,0:31:40.79,Default,,0000,0000,0000,,is correct for this question.
Dialogue: 0,0:31:40.79,0:31:44.80,Default,,0000,0000,0000,,But in terms of B, C, and D,\Nwhy it is not correct instead?
Dialogue: 0,0:31:44.80,0:31:49.10,Default,,0000,0000,0000,,B, anybody in the organization\Ncan do the security awareness.
Dialogue: 0,0:31:49.10,0:31:51.55,Default,,0000,0000,0000,,And it is not the only\Nresponsibility of a data
Dialogue: 0,0:31:51.55,0:31:53.84,Default,,0000,0000,0000,,security officer, though it\Nmight be a responsibility,
Dialogue: 0,0:31:53.84,0:31:56.00,Default,,0000,0000,0000,,but it is not the\Nonly responsibility.
Dialogue: 0,0:31:56.00,0:32:00.55,Default,,0000,0000,0000,,And C and D, they are all more\Nof establishing procedures.
Dialogue: 0,0:32:00.55,0:32:02.14,Default,,0000,0000,0000,,Establishing a\Nprocedures anybody
Dialogue: 0,0:32:02.14,0:32:03.85,Default,,0000,0000,0000,,can do in an IT organization.
Dialogue: 0,0:32:03.85,0:32:06.71,Default,,0000,0000,0000,,And administering physical\Nand logical access control,
Dialogue: 0,0:32:06.71,0:32:08.63,Default,,0000,0000,0000,,again, specific to\Nthe application.
Dialogue: 0,0:32:08.63,0:32:11.50,Default,,0000,0000,0000,,Say for an example, if they are\Nadministering the SAP, if they
Dialogue: 0,0:32:11.50,0:32:13.72,Default,,0000,0000,0000,,are administering the\NOracle, the specific team
Dialogue: 0,0:32:13.72,0:32:15.73,Default,,0000,0000,0000,,related to the SAP\Nor the Oracle will
Dialogue: 0,0:32:15.73,0:32:18.74,Default,,0000,0000,0000,,administer these controls, and\Nnot the data security officer.
Dialogue: 0,0:32:18.74,0:32:23.24,Default,,0000,0000,0000,,But data security officer in a\Ntop level, at a very high level,
Dialogue: 0,0:32:23.24,0:32:26.89,Default,,0000,0000,0000,,they will define in terms of\Nwhat is recommended in terms
Dialogue: 0,0:32:26.89,0:32:28.28,Default,,0000,0000,0000,,of protecting their data.
Dialogue: 0,0:32:28.28,0:32:30.16,Default,,0000,0000,0000,,Say for an example,\Nif the data is
Dialogue: 0,0:32:30.16,0:32:33.41,Default,,0000,0000,0000,,coming for the GDPR regulation.
Dialogue: 0,0:32:33.41,0:32:35.62,Default,,0000,0000,0000,,So what is required\Nin terms of them
Dialogue: 0,0:32:35.62,0:32:37.49,Default,,0000,0000,0000,,to protect the particular data?
Dialogue: 0,0:32:37.49,0:32:40.19,Default,,0000,0000,0000,,Mere implementation part\Nis done by the IT team.
Dialogue: 0,0:32:40.19,0:32:43.61,Default,,0000,0000,0000,,And in terms of promoting\Nthe security awareness,
Dialogue: 0,0:32:43.61,0:32:48.31,Default,,0000,0000,0000,,it can be done by anybody\Nin the organization.
Dialogue: 0,0:32:48.31,0:32:51.58,Default,,0000,0000,0000,,Now, we go to the next question.
Dialogue: 0,0:32:51.58,0:32:53.83,Default,,0000,0000,0000,,What is considered\Nmost critical element
Dialogue: 0,0:32:53.83,0:32:55.87,Default,,0000,0000,0000,,for the successful\Nimplementation of information
Dialogue: 0,0:32:55.87,0:32:57.16,Default,,0000,0000,0000,,security program?
Dialogue: 0,0:32:57.16,0:32:59.69,Default,,0000,0000,0000,,An effective enterprise\Nrisk management framework,
Dialogue: 0,0:32:59.69,0:33:04.43,Default,,0000,0000,0000,,senior management commitment,\Nan adequate budgeting process,
Dialogue: 0,0:33:04.43,0:33:06.95,Default,,0000,0000,0000,,meticulous program planning?
Dialogue: 0,0:33:06.95,0:33:11.67,Default,,0000,0000,0000,,So the correct answer is B. And\Nyou can go through this option,
Dialogue: 0,0:33:11.67,0:33:14.15,Default,,0000,0000,0000,,while the other options\Nare not correct.
Dialogue: 0,0:33:14.15,0:33:17.01,Default,,0000,0000,0000,,Let me just give you one\Nimportant perspective over here.
Dialogue: 0,0:33:17.01,0:33:19.49,Default,,0000,0000,0000,,Couple of years\Nback, when IT was not
Dialogue: 0,0:33:19.49,0:33:22.16,Default,,0000,0000,0000,,seen as a big enabler\Nfor the organizations,
Dialogue: 0,0:33:22.16,0:33:24.53,Default,,0000,0000,0000,,in the board meetings,\Nonly five minutes
Dialogue: 0,0:33:24.53,0:33:27.98,Default,,0000,0000,0000,,will be spared for any kind\Nof security or IT security
Dialogue: 0,0:33:27.98,0:33:30.30,Default,,0000,0000,0000,,related issues to be discussed.
Dialogue: 0,0:33:30.30,0:33:34.29,Default,,0000,0000,0000,,Nowadays, organizations have\Nstarted prioritizing this,
Dialogue: 0,0:33:34.29,0:33:38.07,Default,,0000,0000,0000,,and there is a very detailed\Ndiscussion on the whole thing
Dialogue: 0,0:33:38.07,0:33:40.23,Default,,0000,0000,0000,,because most of\Nthe organizations,
Dialogue: 0,0:33:40.23,0:33:43.07,Default,,0000,0000,0000,,including a small scale\Nenterprises or the medium scale
Dialogue: 0,0:33:43.07,0:33:47.72,Default,,0000,0000,0000,,enterprises, have shifted their\Nfocus only towards an IT because
Dialogue: 0,0:33:47.72,0:33:48.60,Default,,0000,0000,0000,,of the pandemic.
Dialogue: 0,0:33:48.60,0:33:52.77,Default,,0000,0000,0000,,And they have started even\Nseeing the benefits out of it.
Dialogue: 0,0:33:52.77,0:33:55.19,Default,,0000,0000,0000,,And it is important\Nfor an organization
Dialogue: 0,0:33:55.19,0:33:58.85,Default,,0000,0000,0000,,to protect their\Ninformation security assets.
Dialogue: 0,0:33:58.85,0:34:01.49,Default,,0000,0000,0000,,And management has\Nstarted putting
Dialogue: 0,0:34:01.49,0:34:04.73,Default,,0000,0000,0000,,lot of efforts in terms of\Nhow this is going to happen.
Dialogue: 0,0:34:04.73,0:34:07.52,Default,,0000,0000,0000,,The next question is, which\Nof the following tasks
Dialogue: 0,0:34:07.52,0:34:10.25,Default,,0000,0000,0000,,may be performed\Nby the same person
Dialogue: 0,0:34:10.25,0:34:13.17,Default,,0000,0000,0000,,in a well-controlled information\Nprocessing computer center?
Dialogue: 0,0:34:13.17,0:34:15.96,Default,,0000,0000,0000,,Security administrator\Nand change management,
Dialogue: 0,0:34:15.96,0:34:18.05,Default,,0000,0000,0000,,computer operations\Nand system development,
Dialogue: 0,0:34:18.05,0:34:20.54,Default,,0000,0000,0000,,system development\Nand change management,
Dialogue: 0,0:34:20.54,0:34:23.99,Default,,0000,0000,0000,,system development and\Nsystem maintenance?
Dialogue: 0,0:34:23.99,0:34:26.06,Default,,0000,0000,0000,,The correct answer\Nis actually D.
Dialogue: 0,0:34:26.06,0:34:28.64,Default,,0000,0000,0000,,The whole point of\Nthis question is
Dialogue: 0,0:34:28.64,0:34:33.78,Default,,0000,0000,0000,,that when you look at the option\NA and option C and option B,
Dialogue: 0,0:34:33.78,0:34:35.81,Default,,0000,0000,0000,,why it is not correct is that--
Dialogue: 0,0:34:35.81,0:34:39.05,Default,,0000,0000,0000,,the first option, security\Nadministration and change
Dialogue: 0,0:34:39.05,0:34:40.04,Default,,0000,0000,0000,,management.
Dialogue: 0,0:34:40.04,0:34:41.37,Default,,0000,0000,0000,,So what is change management?
Dialogue: 0,0:34:41.37,0:34:44.66,Default,,0000,0000,0000,,So change management\Nis in terms of there
Dialogue: 0,0:34:44.66,0:34:48.53,Default,,0000,0000,0000,,is a established change\Nmanagement process saying
Dialogue: 0,0:34:48.53,0:34:50.33,Default,,0000,0000,0000,,that whenever you\Napply any changes
Dialogue: 0,0:34:50.33,0:34:54.11,Default,,0000,0000,0000,,to a particular system or\Na functionality hardening
Dialogue: 0,0:34:54.11,0:34:56.18,Default,,0000,0000,0000,,or anything, anything\Nof that sort,
Dialogue: 0,0:34:56.18,0:34:58.38,Default,,0000,0000,0000,,any functionality\Nfor that matter,
Dialogue: 0,0:34:58.38,0:35:01.70,Default,,0000,0000,0000,,it needs to be promoted\Nin a certain set manner,
Dialogue: 0,0:35:01.70,0:35:03.81,Default,,0000,0000,0000,,by having an approval\Nand everything.
Dialogue: 0,0:35:03.81,0:35:07.07,Default,,0000,0000,0000,,But when the person is having\Nsecurity administration
Dialogue: 0,0:35:07.07,0:35:09.96,Default,,0000,0000,0000,,as a task and having\Na change management,
Dialogue: 0,0:35:09.96,0:35:11.99,Default,,0000,0000,0000,,they will be completely\Nbypassing this
Dialogue: 0,0:35:11.99,0:35:14.96,Default,,0000,0000,0000,,into the whole thing,\Nand people will not
Dialogue: 0,0:35:14.96,0:35:17.81,Default,,0000,0000,0000,,be able to know who has\Ndone that particular change,
Dialogue: 0,0:35:17.81,0:35:20.27,Default,,0000,0000,0000,,and there are chances\Nof malpractices.
Dialogue: 0,0:35:20.27,0:35:22.08,Default,,0000,0000,0000,,And C, again, the same thing.
Dialogue: 0,0:35:22.08,0:35:25.65,Default,,0000,0000,0000,,You develop a system and you are\Nresponsible also for the change
Dialogue: 0,0:35:25.65,0:35:27.38,Default,,0000,0000,0000,,management, is again a conflict.
Dialogue: 0,0:35:27.38,0:35:31.05,Default,,0000,0000,0000,,So change management, somebody\Nhas to promote the change.
Dialogue: 0,0:35:31.05,0:35:32.61,Default,,0000,0000,0000,,Somebody has to\Ndevelop the changes.
Dialogue: 0,0:35:32.61,0:35:34.11,Default,,0000,0000,0000,,Somebody has to\Napprove the changes.
Dialogue: 0,0:35:34.11,0:35:37.34,Default,,0000,0000,0000,,Somebody has to promote the\Nchanges into the production.
Dialogue: 0,0:35:37.34,0:35:40.91,Default,,0000,0000,0000,,So again, so you cannot develop\Nand also you cannot change
Dialogue: 0,0:35:40.91,0:35:41.70,Default,,0000,0000,0000,,at the same time.
Dialogue: 0,0:35:41.70,0:35:43.41,Default,,0000,0000,0000,,That is, again, a\Nvery important thing.
Dialogue: 0,0:35:43.41,0:35:46.40,Default,,0000,0000,0000,,So option B, the\Ncomputer operations
Dialogue: 0,0:35:46.40,0:35:47.52,Default,,0000,0000,0000,,and system development.
Dialogue: 0,0:35:47.52,0:35:51.84,Default,,0000,0000,0000,,So the option B and D are\Nlittle bit closely related.
Dialogue: 0,0:35:51.84,0:35:54.24,Default,,0000,0000,0000,,That is where the\Nconfusion starts over here.
Dialogue: 0,0:35:54.24,0:35:56.15,Default,,0000,0000,0000,,Because as many\Nof you have told,
Dialogue: 0,0:35:56.15,0:35:59.06,Default,,0000,0000,0000,,the options computer\Noperations refers
Dialogue: 0,0:35:59.06,0:36:02.13,Default,,0000,0000,0000,,to just the operations\Nand the system development
Dialogue: 0,0:36:02.13,0:36:04.34,Default,,0000,0000,0000,,because it would be--
Dialogue: 0,0:36:04.34,0:36:06.38,Default,,0000,0000,0000,,computer operations\Nand system development
Dialogue: 0,0:36:06.38,0:36:08.48,Default,,0000,0000,0000,,is incorrect choice\Nbecause this would
Dialogue: 0,0:36:08.48,0:36:12.53,Default,,0000,0000,0000,,make it possible for an operator\Nto run a program that she
Dialogue: 0,0:36:12.53,0:36:13.62,Default,,0000,0000,0000,,or he has amended.
Dialogue: 0,0:36:13.62,0:36:16.40,Default,,0000,0000,0000,,So say for an example, if the\Nparticular person is having
Dialogue: 0,0:36:16.40,0:36:19.55,Default,,0000,0000,0000,,both these access, they\Ncan run the program
Dialogue: 0,0:36:19.55,0:36:22.22,Default,,0000,0000,0000,,without having any kind\Nof additional controls
Dialogue: 0,0:36:22.22,0:36:23.04,Default,,0000,0000,0000,,being required.
Dialogue: 0,0:36:23.04,0:36:25.58,Default,,0000,0000,0000,,So that is the problem that\Nthe operations and the system
Dialogue: 0,0:36:25.58,0:36:27.39,Default,,0000,0000,0000,,development cannot\Nbe at the same time.
Dialogue: 0,0:36:27.39,0:36:30.20,Default,,0000,0000,0000,,But option D, the\Nmaintenance, maintenance
Dialogue: 0,0:36:30.20,0:36:31.68,Default,,0000,0000,0000,,can be done by the same person.
Dialogue: 0,0:36:31.68,0:36:33.23,Default,,0000,0000,0000,,Why it can be done\Nby the same person
Dialogue: 0,0:36:33.23,0:36:35.78,Default,,0000,0000,0000,,is that during the\Nmaintenance, the performance,
Dialogue: 0,0:36:35.78,0:36:37.85,Default,,0000,0000,0000,,the person requires\Naccess to the source code,
Dialogue: 0,0:36:37.85,0:36:40.70,Default,,0000,0000,0000,,and the person who\Nhas developed it
Dialogue: 0,0:36:40.70,0:36:42.84,Default,,0000,0000,0000,,will be having an access\Nto the source code.
Dialogue: 0,0:36:42.84,0:36:47.34,Default,,0000,0000,0000,,That is why in a\Nproduction, they can--
Dialogue: 0,0:36:47.34,0:36:50.63,Default,,0000,0000,0000,,and that is the reason they\Ncan promote these things
Dialogue: 0,0:36:50.63,0:36:52.64,Default,,0000,0000,0000,,into maintenance, as well\Nas system development
Dialogue: 0,0:36:52.64,0:36:53.61,Default,,0000,0000,0000,,at the same place.
Dialogue: 0,0:36:53.61,0:36:56.04,Default,,0000,0000,0000,,But again, this is a\Nvery tricky question.
Dialogue: 0,0:36:56.04,0:36:59.51,Default,,0000,0000,0000,,Exam question can be\Nsimilar to this one.
Dialogue: 0,0:36:59.51,0:37:01.83,Default,,0000,0000,0000,,And the domain 2,\Nthe next question is,
Dialogue: 0,0:37:01.83,0:37:05.96,Default,,0000,0000,0000,,which of the following is most\Ncritical control over database
Dialogue: 0,0:37:05.96,0:37:09.03,Default,,0000,0000,0000,,administration, which is the\NDBA, approval of DBA activities,
Dialogue: 0,0:37:09.03,0:37:11.72,Default,,0000,0000,0000,,segregation of duties in\Nregard to the rights and access
Dialogue: 0,0:37:11.72,0:37:14.66,Default,,0000,0000,0000,,are granting and revoking,\Nevoking of access logs
Dialogue: 0,0:37:14.66,0:37:16.64,Default,,0000,0000,0000,,and activities-- sorry,\Nreview of access logs
Dialogue: 0,0:37:16.64,0:37:21.23,Default,,0000,0000,0000,,and activities, review\Nof use of database tools?
Dialogue: 0,0:37:21.23,0:37:25.35,Default,,0000,0000,0000,,So the correct answer is\Noption B. So why important?
Dialogue: 0,0:37:25.35,0:37:30.50,Default,,0000,0000,0000,,It is important for a DBA to\Ndo this-- sorry, conflicting,
Dialogue: 0,0:37:30.50,0:37:34.61,Default,,0000,0000,0000,,rather than any of these three\Nis that other three option does
Dialogue: 0,0:37:34.61,0:37:37.29,Default,,0000,0000,0000,,not reduce the risk.
Dialogue: 0,0:37:37.29,0:37:40.11,Default,,0000,0000,0000,,This is the only preventative\Ncontrol that they can apply.
Dialogue: 0,0:37:40.11,0:37:44.90,Default,,0000,0000,0000,,So as an auditor, when I'm\Ncoming and seeing the process
Dialogue: 0,0:37:44.90,0:37:48.51,Default,,0000,0000,0000,,and saying that the DBA\Nis reviewing the logs,
Dialogue: 0,0:37:48.51,0:37:50.43,Default,,0000,0000,0000,,the DBA is using\Nthe database files,
Dialogue: 0,0:37:50.43,0:37:53.25,Default,,0000,0000,0000,,the DBA is using approval\Nactivities, everything is fine.
Dialogue: 0,0:37:53.25,0:37:58.04,Default,,0000,0000,0000,,But does he or she deliver\Non the fundamental issue
Dialogue: 0,0:37:58.04,0:37:59.73,Default,,0000,0000,0000,,in the segregation of duties?
Dialogue: 0,0:37:59.73,0:38:02.99,Default,,0000,0000,0000,,That is what will be\Nmy auditor's question.
Dialogue: 0,0:38:02.99,0:38:04.91,Default,,0000,0000,0000,,This is where it\Nis very important.
Dialogue: 0,0:38:04.91,0:38:08.09,Default,,0000,0000,0000,,Because as an IS auditor,\Nyou need to think and deliver
Dialogue: 0,0:38:08.09,0:38:08.67,Default,,0000,0000,0000,,the answer.
Dialogue: 0,0:38:08.67,0:38:11.31,Default,,0000,0000,0000,,Because if you are thinking\Nas a security analyst,
Dialogue: 0,0:38:11.31,0:38:15.51,Default,,0000,0000,0000,,this was a typical security\Nmind question and answer.
Dialogue: 0,0:38:15.51,0:38:18.24,Default,,0000,0000,0000,,I understand from guru's\Nperspective, he is right.
Dialogue: 0,0:38:18.24,0:38:20.21,Default,,0000,0000,0000,,But as an auditor,\Nyou need to think
Dialogue: 0,0:38:20.21,0:38:23.98,Default,,0000,0000,0000,,from the other side of the\Ntable, how an auditor will
Dialogue: 0,0:38:23.98,0:38:24.81,Default,,0000,0000,0000,,approach this thing.
Dialogue: 0,0:38:24.81,0:38:27.98,Default,,0000,0000,0000,,That is where this question\Nis going to be answered.
Dialogue: 0,0:38:27.98,0:38:32.46,Default,,0000,0000,0000,,You can just read the A, C, and\ND, why they are not correct.
Dialogue: 0,0:38:32.46,0:38:35.12,Default,,0000,0000,0000,,So approval of a database\Nadministration activities
Dialogue: 0,0:38:35.12,0:38:38.45,Default,,0000,0000,0000,,does not prevent the combination\Nof conflicting things.
Dialogue: 0,0:38:38.45,0:38:42.68,Default,,0000,0000,0000,,And the C option is, if DBA\Nactivities are improperly
Dialogue: 0,0:38:42.68,0:38:44.54,Default,,0000,0000,0000,,approved, review of\Naccess would be--
Dialogue: 0,0:38:44.54,0:38:46.89,Default,,0000,0000,0000,,again, that may not\Nbe reducing the risk.
Dialogue: 0,0:38:46.89,0:38:49.58,Default,,0000,0000,0000,,Say for an example, if you\Nhave fundamentally approved
Dialogue: 0,0:38:49.58,0:38:51.63,Default,,0000,0000,0000,,the access of some\Nperson incorrectly,
Dialogue: 0,0:38:51.63,0:38:53.95,Default,,0000,0000,0000,,though you may be monitoring\Nhis or her activities,
Dialogue: 0,0:38:53.95,0:38:56.70,Default,,0000,0000,0000,,but the problem is that it will\Nnot be addressed because you
Dialogue: 0,0:38:56.70,0:38:59.47,Default,,0000,0000,0000,,have already done something\Nwrong in the first place,
Dialogue: 0,0:38:59.47,0:39:02.91,Default,,0000,0000,0000,,and you cannot correct it just\Nby monitoring or taking actions
Dialogue: 0,0:39:02.91,0:39:03.60,Default,,0000,0000,0000,,of it.
Dialogue: 0,0:39:03.60,0:39:05.70,Default,,0000,0000,0000,,And reviewing of the\Nuse of database tools
Dialogue: 0,0:39:05.70,0:39:06.88,Default,,0000,0000,0000,,does not reduce the risk.
Dialogue: 0,0:39:06.88,0:39:08.46,Default,,0000,0000,0000,,Because it is only\Na detective tool.
Dialogue: 0,0:39:08.46,0:39:10.17,Default,,0000,0000,0000,,It is only a detective\Ntool, it is not
Dialogue: 0,0:39:10.17,0:39:13.06,Default,,0000,0000,0000,,a preventive or any other\Nconflicting combination.
Dialogue: 0,0:39:13.06,0:39:16.02,Default,,0000,0000,0000,,It will not prevent any\Nconflict combination.
Dialogue: 0,0:39:16.02,0:39:18.66,Default,,0000,0000,0000,,In a small organization\Nwhere a segregation of duties
Dialogue: 0,0:39:18.66,0:39:22.95,Default,,0000,0000,0000,,is not practical,\Nan employee performs
Dialogue: 0,0:39:22.95,0:39:25.66,Default,,0000,0000,0000,,a function of computer operator\Nand application programmer.
Dialogue: 0,0:39:25.66,0:39:30.03,Default,,0000,0000,0000,,Which of the following controls\Nshould the IS auditor recommend?
Dialogue: 0,0:39:30.03,0:39:32.61,Default,,0000,0000,0000,,Automated logging of\Nchanges and development
Dialogue: 0,0:39:32.61,0:39:34.71,Default,,0000,0000,0000,,of libraries, additional\Nstaff to provide
Dialogue: 0,0:39:34.71,0:39:38.55,Default,,0000,0000,0000,,SoD, procedures that verify only\Napproved program changes are
Dialogue: 0,0:39:38.55,0:39:41.40,Default,,0000,0000,0000,,implemented, access\Ncontrols to prevent operator
Dialogue: 0,0:39:41.40,0:39:43.36,Default,,0000,0000,0000,,from making program\Nmodifications?
Dialogue: 0,0:39:43.36,0:39:45.84,Default,,0000,0000,0000,,Again, this is one of\Nthe trickiest question.
Dialogue: 0,0:39:45.84,0:39:49.83,Default,,0000,0000,0000,,The whole point is that whenever\Nyou see some questions relating
Dialogue: 0,0:39:49.83,0:39:54.03,Default,,0000,0000,0000,,to the organization size, even\Nin the exam, make it very clear
Dialogue: 0,0:39:54.03,0:39:57.12,Default,,0000,0000,0000,,that the answer might be\Ndependent upon the size
Dialogue: 0,0:39:57.12,0:39:58.30,Default,,0000,0000,0000,,of the organization.
Dialogue: 0,0:39:58.30,0:40:01.23,Default,,0000,0000,0000,,If you are a large\Norganization, like Google
Dialogue: 0,0:40:01.23,0:40:04.41,Default,,0000,0000,0000,,or Apple or Facebook, you\Ncan do any of these things.
Dialogue: 0,0:40:04.41,0:40:07.12,Default,,0000,0000,0000,,B can be done, A can be done.
Dialogue: 0,0:40:07.12,0:40:10.39,Default,,0000,0000,0000,,Of course, D is something\Nthat also can be considered.
Dialogue: 0,0:40:10.39,0:40:12.28,Default,,0000,0000,0000,,But it is a small organization.
Dialogue: 0,0:40:12.28,0:40:15.70,Default,,0000,0000,0000,,Only a programmer is\Ndependent upon an operator.
Dialogue: 0,0:40:15.70,0:40:17.70,Default,,0000,0000,0000,,performing the multiple tasks.
Dialogue: 0,0:40:17.70,0:40:20.01,Default,,0000,0000,0000,,What an IS auditor\Nwould recommend
Dialogue: 0,0:40:20.01,0:40:26.11,Default,,0000,0000,0000,,will be very, very simple in\Nterms of procedures that exist,
Dialogue: 0,0:40:26.11,0:40:29.94,Default,,0000,0000,0000,,at least in paper, are to say\Nthat only the approved program
Dialogue: 0,0:40:29.94,0:40:31.11,Default,,0000,0000,0000,,changes are implemented.
Dialogue: 0,0:40:31.11,0:40:36.66,Default,,0000,0000,0000,,Because whenever we see\Nany question relating
Dialogue: 0,0:40:36.66,0:40:38.76,Default,,0000,0000,0000,,to the organization\Nsize, the answers
Dialogue: 0,0:40:38.76,0:40:41.86,Default,,0000,0000,0000,,will be highly dependent on\Nthe size of the organization.
Dialogue: 0,0:40:41.86,0:40:44.28,Default,,0000,0000,0000,,What might be the best\Ntreatmeant for a large size
Dialogue: 0,0:40:44.28,0:40:47.43,Default,,0000,0000,0000,,organization may not be the\Nbest treatment for a mid-size
Dialogue: 0,0:40:47.43,0:40:49.36,Default,,0000,0000,0000,,and a small-size organization.
Dialogue: 0,0:40:49.36,0:40:51.94,Default,,0000,0000,0000,,So we need to be very careful\Nin choosing the answer
Dialogue: 0,0:40:51.94,0:40:55.69,Default,,0000,0000,0000,,because two or more options\Nwill look extremely correct
Dialogue: 0,0:40:55.69,0:40:57.75,Default,,0000,0000,0000,,because the size\Nof the organization
Dialogue: 0,0:40:57.75,0:41:00.69,Default,,0000,0000,0000,,is going to be very dependent\Nparticular question.
Dialogue: 0,0:41:00.69,0:41:03.27,Default,,0000,0000,0000,,We are end of domain 2, and\Nwe will be having three more
Dialogue: 0,0:41:03.27,0:41:04.98,Default,,0000,0000,0000,,domains to cover.
Dialogue: 0,0:41:04.98,0:41:07.39,Default,,0000,0000,0000,,So the next question\Nis from domain 3.
Dialogue: 0,0:41:07.39,0:41:11.79,Default,,0000,0000,0000,,To assist in testing an\Nessential banking system being
Dialogue: 0,0:41:11.79,0:41:13.26,Default,,0000,0000,0000,,acquired, an\Norganization has been
Dialogue: 0,0:41:13.26,0:41:15.57,Default,,0000,0000,0000,,provided the vendor\Nwith sensitive data
Dialogue: 0,0:41:15.57,0:41:18.10,Default,,0000,0000,0000,,from its existing\Nproduction system.
Dialogue: 0,0:41:18.10,0:41:21.18,Default,,0000,0000,0000,,As an IS auditor, the\Nprimary concern that the data
Dialogue: 0,0:41:21.18,0:41:22.83,Default,,0000,0000,0000,,should be what?
Dialogue: 0,0:41:22.83,0:41:29.64,Default,,0000,0000,0000,,A, sanitized, B, complete, C,\Nrepresentative, and D, current?
Dialogue: 0,0:41:29.64,0:41:34.59,Default,,0000,0000,0000,,Whenever an asset goes out,\Neven if an asset is sunsetting,
Dialogue: 0,0:41:34.59,0:41:37.56,Default,,0000,0000,0000,,if a technology asset\Ndecommissioning is happening,
Dialogue: 0,0:41:37.56,0:41:40.05,Default,,0000,0000,0000,,the sanitization part\Nis an important thing.
Dialogue: 0,0:41:40.05,0:41:43.11,Default,,0000,0000,0000,,You don't want the data\Nor the production data
Dialogue: 0,0:41:43.11,0:41:44.76,Default,,0000,0000,0000,,to be visible to\Nothers whenever they
Dialogue: 0,0:41:44.76,0:41:47.04,Default,,0000,0000,0000,,are doing the testing,\Nwhich might give
Dialogue: 0,0:41:47.04,0:41:49.56,Default,,0000,0000,0000,,some opinions about how\Nthe organization is working
Dialogue: 0,0:41:49.56,0:41:52.15,Default,,0000,0000,0000,,and what are all the data that\Nthe organization is having.
Dialogue: 0,0:41:52.15,0:41:55.44,Default,,0000,0000,0000,,So it is important that we\Nneed definitely or should
Dialogue: 0,0:41:55.44,0:41:58.36,Default,,0000,0000,0000,,be opting for A because\Nit is very important.
Dialogue: 0,0:41:58.36,0:42:00.72,Default,,0000,0000,0000,,And test data\Nshould be sanitized
Dialogue: 0,0:42:00.72,0:42:04.51,Default,,0000,0000,0000,,to prevent sensitive data from\Nleaking to unauthorized persons.
Dialogue: 0,0:42:04.51,0:42:07.47,Default,,0000,0000,0000,,All the other three options,\Nalthough it may seem little bit
Dialogue: 0,0:42:07.47,0:42:09.97,Default,,0000,0000,0000,,relevant, but it is\Ncompletely not relevant,
Dialogue: 0,0:42:09.97,0:42:12.10,Default,,0000,0000,0000,,it is completely incorrect.
Dialogue: 0,0:42:12.10,0:42:13.89,Default,,0000,0000,0000,,Which of the following\Nis a primary purpose
Dialogue: 0,0:42:13.89,0:42:15.61,Default,,0000,0000,0000,,for conducting parallel testing?
Dialogue: 0,0:42:15.61,0:42:20.43,Default,,0000,0000,0000,,To determine whether the system\Nis cost effective, to enable
Dialogue: 0,0:42:20.43,0:42:22.26,Default,,0000,0000,0000,,comprehensive unit\Nand system testing,
Dialogue: 0,0:42:22.26,0:42:24.30,Default,,0000,0000,0000,,to highlight the errors\Nin the program interfaces
Dialogue: 0,0:42:24.30,0:42:25.97,Default,,0000,0000,0000,,with the files, to\Nensure the new system
Dialogue: 0,0:42:25.97,0:42:28.77,Default,,0000,0000,0000,,meets the user requirements?
Dialogue: 0,0:42:28.77,0:42:32.31,Default,,0000,0000,0000,,It is very simple,\Nthe answer is D. Let
Dialogue: 0,0:42:32.31,0:42:34.57,Default,,0000,0000,0000,,me put a perspective over here.
Dialogue: 0,0:42:34.57,0:42:36.88,Default,,0000,0000,0000,,So when we have two\Nsystems, say for an example,
Dialogue: 0,0:42:36.88,0:42:40.56,Default,,0000,0000,0000,,we have a tally system that's\Nrunning currently my accounting
Dialogue: 0,0:42:40.56,0:42:42.82,Default,,0000,0000,0000,,things, and we are\Ngoing to implement SAP.
Dialogue: 0,0:42:42.82,0:42:45.94,Default,,0000,0000,0000,,So tally is perfect\Nfor my organization,
Dialogue: 0,0:42:45.94,0:42:47.73,Default,,0000,0000,0000,,but my organization is\Ngoing into a billion
Dialogue: 0,0:42:47.73,0:42:48.90,Default,,0000,0000,0000,,and a trillion organization.
Dialogue: 0,0:42:48.90,0:42:49.72,Default,,0000,0000,0000,,I wish it could.
Dialogue: 0,0:42:49.72,0:42:52.62,Default,,0000,0000,0000,,And the whole thing\Nis that, so in terms
Dialogue: 0,0:42:52.62,0:42:55.66,Default,,0000,0000,0000,,with, if the new system\Nis being implemented,
Dialogue: 0,0:42:55.66,0:42:58.02,Default,,0000,0000,0000,,is everything is\Nbeing aligned and is
Dialogue: 0,0:42:58.02,0:43:00.07,Default,,0000,0000,0000,,everything is as\Nper the requirement,
Dialogue: 0,0:43:00.07,0:43:03.16,Default,,0000,0000,0000,,is everything working as\Nit was working entirely?
Dialogue: 0,0:43:03.16,0:43:06.43,Default,,0000,0000,0000,,That is the primary thing\Nthat I will be looking at it.
Dialogue: 0,0:43:06.43,0:43:09.91,Default,,0000,0000,0000,,So that is the reason that\Nwe are going with the option
Dialogue: 0,0:43:09.91,0:43:11.49,Default,,0000,0000,0000,,D. The purpose of\Nthe parallel testing
Dialogue: 0,0:43:11.49,0:43:14.37,Default,,0000,0000,0000,,is to ensure that the\Nimplementation of new system
Dialogue: 0,0:43:14.37,0:43:16.48,Default,,0000,0000,0000,,will meet the user requirements.
Dialogue: 0,0:43:16.48,0:43:19.63,Default,,0000,0000,0000,,It can be identified in\Nthe UAT testing itself,
Dialogue: 0,0:43:19.63,0:43:21.18,Default,,0000,0000,0000,,but the parallel\Ntesting gives you
Dialogue: 0,0:43:21.18,0:43:23.76,Default,,0000,0000,0000,,an idea both the systems\Nare running in parallel
Dialogue: 0,0:43:23.76,0:43:27.21,Default,,0000,0000,0000,,with each other, will give a\Nfair enough understanding on how
Dialogue: 0,0:43:27.21,0:43:28.65,Default,,0000,0000,0000,,the new system is working.
Dialogue: 0,0:43:28.65,0:43:31.44,Default,,0000,0000,0000,,In case if there are any\Ndeficiencies in the new system
Dialogue: 0,0:43:31.44,0:43:33.78,Default,,0000,0000,0000,,compared to the old\Nsystem, how it can be fixed
Dialogue: 0,0:43:33.78,0:43:34.84,Default,,0000,0000,0000,,and stuff like that.
Dialogue: 0,0:43:34.84,0:43:37.44,Default,,0000,0000,0000,,See all the other testings,\Nunit and system testings
Dialogue: 0,0:43:37.44,0:43:39.69,Default,,0000,0000,0000,,are completed before the\Nparallel testing, program
Dialogue: 0,0:43:39.69,0:43:41.19,Default,,0000,0000,0000,,interfaces with the\Nfiles are tested
Dialogue: 0,0:43:41.19,0:43:43.89,Default,,0000,0000,0000,,for errors during the system\Ntesting itself and not--
Dialogue: 0,0:43:43.89,0:43:47.13,Default,,0000,0000,0000,,and then the parallel testing\Nbecause parallel testing happens
Dialogue: 0,0:43:47.13,0:43:49.60,Default,,0000,0000,0000,,at the last stage during\Nthe implementation stage,
Dialogue: 0,0:43:49.60,0:43:52.17,Default,,0000,0000,0000,,and it's not at the first stage.
Dialogue: 0,0:43:52.17,0:43:55.57,Default,,0000,0000,0000,,When conducting a review of the\Nbusiness re-engineering process,
Dialogue: 0,0:43:55.57,0:43:58.35,Default,,0000,0000,0000,,an IS auditor found that\Nan important preventive
Dialogue: 0,0:43:58.35,0:43:59.50,Default,,0000,0000,0000,,control had been removed.
Dialogue: 0,0:43:59.50,0:44:01.86,Default,,0000,0000,0000,,In this case, an IS\Nauditor should, A,
Dialogue: 0,0:44:01.86,0:44:03.54,Default,,0000,0000,0000,,inform the management\Nof the findings
Dialogue: 0,0:44:03.54,0:44:05.16,Default,,0000,0000,0000,,and determine whether\Nthe management is
Dialogue: 0,0:44:05.16,0:44:08.28,Default,,0000,0000,0000,,willing to accept the risk\Npotential, B, determine
Dialogue: 0,0:44:08.28,0:44:10.74,Default,,0000,0000,0000,,if a detective control has\Nreplaced the preventive control
Dialogue: 0,0:44:10.74,0:44:15.72,Default,,0000,0000,0000,,during the process, and C,\Nrecommended that all the control
Dialogue: 0,0:44:15.72,0:44:19.44,Default,,0000,0000,0000,,procedures have existed before\Nthe process was re-engineered
Dialogue: 0,0:44:19.44,0:44:22.83,Default,,0000,0000,0000,,and included in the new process,\Ndevelop continuous audit
Dialogue: 0,0:44:22.83,0:44:25.47,Default,,0000,0000,0000,,approach to monitor\Nthe effects of removal
Dialogue: 0,0:44:25.47,0:44:28.77,Default,,0000,0000,0000,,of the preventive control?
Dialogue: 0,0:44:28.77,0:44:32.40,Default,,0000,0000,0000,,Whatever happens, when you\Nstumble upon something that
Dialogue: 0,0:44:32.40,0:44:35.97,Default,,0000,0000,0000,,is not of what is\Nas expected, you
Dialogue: 0,0:44:35.97,0:44:38.62,Default,,0000,0000,0000,,are supposed to inform the\Nmanagement then and now.
Dialogue: 0,0:44:38.62,0:44:40.80,Default,,0000,0000,0000,,Then look for the\Nother alternatives
Dialogue: 0,0:44:40.80,0:44:43.39,Default,,0000,0000,0000,,or other remedial measures\Nbecause the management
Dialogue: 0,0:44:43.39,0:44:45.14,Default,,0000,0000,0000,,needs to be informed\Nthat there is a risk,
Dialogue: 0,0:44:45.14,0:44:48.16,Default,,0000,0000,0000,,and whether they are willing to\Naccept this risk of not having
Dialogue: 0,0:44:48.16,0:44:49.73,Default,,0000,0000,0000,,a preventive control in place.
Dialogue: 0,0:44:49.73,0:44:52.16,Default,,0000,0000,0000,,So in this case, that's\Na classic example.
Dialogue: 0,0:44:52.16,0:44:55.15,Default,,0000,0000,0000,,And if you see\Nhere, the existence
Dialogue: 0,0:44:55.15,0:44:58.09,Default,,0000,0000,0000,,of a detective control instead\Nof a preventive control
Dialogue: 0,0:44:58.09,0:45:01.21,Default,,0000,0000,0000,,usually increases the\Nrisk that the management--
Dialogue: 0,0:45:01.21,0:45:04.13,Default,,0000,0000,0000,,increases the risk that the\Nmaterial problem may occur.
Dialogue: 0,0:45:04.13,0:45:08.98,Default,,0000,0000,0000,,So say for an example, if there\Nis also a detective control,
Dialogue: 0,0:45:08.98,0:45:11.68,Default,,0000,0000,0000,,that should be in place.
Dialogue: 0,0:45:11.68,0:45:14.38,Default,,0000,0000,0000,,There is a high probability\Nthat the particular process
Dialogue: 0,0:45:14.38,0:45:16.12,Default,,0000,0000,0000,,is prone to having\Nsome kind of a control
Dialogue: 0,0:45:16.12,0:45:19.13,Default,,0000,0000,0000,,issues and the preventive\Ncontrol that has been removed.
Dialogue: 0,0:45:19.13,0:45:21.85,Default,,0000,0000,0000,,So that is the reason\Nyou need to just inform
Dialogue: 0,0:45:21.85,0:45:25.30,Default,,0000,0000,0000,,the management at the first,\Nand then look for other options.
Dialogue: 0,0:45:25.30,0:45:27.16,Default,,0000,0000,0000,,Is it clear?
Dialogue: 0,0:45:27.16,0:45:28.58,Default,,0000,0000,0000,,Let me go to the next question.
Dialogue: 0,0:45:28.58,0:45:32.47,Default,,0000,0000,0000,,Which of the following\Nwill be considered
Dialogue: 0,0:45:32.47,0:45:34.72,Default,,0000,0000,0000,,as the most serious in\Nan enterprise resource
Dialogue: 0,0:45:34.72,0:45:37.49,Default,,0000,0000,0000,,planning software used by\Nfinancial organizations?
Dialogue: 0,0:45:37.49,0:45:39.95,Default,,0000,0000,0000,,Access controls have\Nnot been reviewed,
Dialogue: 0,0:45:39.95,0:45:41.87,Default,,0000,0000,0000,,limited documentation\Nis available,
Dialogue: 0,0:45:41.87,0:45:44.33,Default,,0000,0000,0000,,two-year backup tapes\Nhave not been replaced,
Dialogue: 0,0:45:44.33,0:45:47.03,Default,,0000,0000,0000,,database backups are\Nperformed once a day?
Dialogue: 0,0:45:47.03,0:45:49.60,Default,,0000,0000,0000,,
Dialogue: 0,0:45:49.60,0:45:51.52,Default,,0000,0000,0000,,Give you the correct\Nanswer, which is A,
Dialogue: 0,0:45:51.52,0:45:56.08,Default,,0000,0000,0000,,and you can see the explanation.
Dialogue: 0,0:45:56.08,0:45:59.26,Default,,0000,0000,0000,,When auditing the requirements\Nphase of a software acquisition,
Dialogue: 0,0:45:59.26,0:46:00.67,Default,,0000,0000,0000,,an IS auditor should--
Dialogue: 0,0:46:00.67,0:46:03.44,Default,,0000,0000,0000,,assess the responsibility\Nof the project timetable,
Dialogue: 0,0:46:03.44,0:46:05.87,Default,,0000,0000,0000,,assess the vendor's\Nproposed quality processes,
Dialogue: 0,0:46:05.87,0:46:08.12,Default,,0000,0000,0000,,ensure that the best\Nsoftware package is acquired,
Dialogue: 0,0:46:08.12,0:46:11.95,Default,,0000,0000,0000,,review the completeness\Nof the specification?
Dialogue: 0,0:46:11.95,0:46:14.53,Default,,0000,0000,0000,,The review of the completeness\Nof the specifications.
Dialogue: 0,0:46:14.53,0:46:16.07,Default,,0000,0000,0000,,Whenever you talk\Nabout requirements,
Dialogue: 0,0:46:16.07,0:46:17.44,Default,,0000,0000,0000,,there is a specification.
Dialogue: 0,0:46:17.44,0:46:20.23,Default,,0000,0000,0000,,So that is what is our\Nanswer talks about.
Dialogue: 0,0:46:20.23,0:46:21.94,Default,,0000,0000,0000,,The purpose of the\Nrequirements phase
Dialogue: 0,0:46:21.94,0:46:27.68,Default,,0000,0000,0000,,is to specify the functionality\Nof the proposed system.
Dialogue: 0,0:46:27.68,0:46:30.07,Default,,0000,0000,0000,,Therefore, an IS auditor\Nwould concentrate more
Dialogue: 0,0:46:30.07,0:46:32.68,Default,,0000,0000,0000,,on the completeness\Nof the specification.
Dialogue: 0,0:46:32.68,0:46:34.30,Default,,0000,0000,0000,,Assessing vendor\Nquality process would
Dialogue: 0,0:46:34.30,0:46:35.84,Default,,0000,0000,0000,,come after the requirements.
Dialogue: 0,0:46:35.84,0:46:38.36,Default,,0000,0000,0000,,So you have analyzed\Nthe requirements,
Dialogue: 0,0:46:38.36,0:46:40.33,Default,,0000,0000,0000,,then you are going\Nfor the vendor,
Dialogue: 0,0:46:40.33,0:46:42.35,Default,,0000,0000,0000,,this A vendor or B vendor.
Dialogue: 0,0:46:42.35,0:46:45.25,Default,,0000,0000,0000,,That is where your things\Nwill come into the picture.
Dialogue: 0,0:46:45.25,0:46:47.66,Default,,0000,0000,0000,,Analyzing the\Norganization's ability,
Dialogue: 0,0:46:47.66,0:46:49.84,Default,,0000,0000,0000,,whether they are able to\Nsupport, whether they are
Dialogue: 0,0:46:49.84,0:46:52.51,Default,,0000,0000,0000,,a big organization, like\Na Microsoft or Oracle
Dialogue: 0,0:46:52.51,0:46:56.47,Default,,0000,0000,0000,,or they are a small\Norganization, of something
Dialogue: 0,0:46:56.47,0:46:58.93,Default,,0000,0000,0000,,happening out of\Nsomewhere in the world,
Dialogue: 0,0:46:58.93,0:47:01.67,Default,,0000,0000,0000,,or whether they are able\Nto fulfill the obligations,
Dialogue: 0,0:47:01.67,0:47:04.66,Default,,0000,0000,0000,,whether the quality process\Nis good and everything.
Dialogue: 0,0:47:04.66,0:47:07.81,Default,,0000,0000,0000,,So this is how you critically\Nthink because this is a stepped
Dialogue: 0,0:47:07.81,0:47:08.50,Default,,0000,0000,0000,,approach.
Dialogue: 0,0:47:08.50,0:47:11.92,Default,,0000,0000,0000,,As I told, if there is a stepped\Napproach in some process,
Dialogue: 0,0:47:11.92,0:47:13.79,Default,,0000,0000,0000,,say for an example,\Nchange management,
Dialogue: 0,0:47:13.79,0:47:15.26,Default,,0000,0000,0000,,how do you promote the changes?
Dialogue: 0,0:47:15.26,0:47:19.21,Default,,0000,0000,0000,,I think the CRM gives you\Na very detailed explanation
Dialogue: 0,0:47:19.21,0:47:22.03,Default,,0000,0000,0000,,on how the changes are being\Npromoted, change management,
Dialogue: 0,0:47:22.03,0:47:24.82,Default,,0000,0000,0000,,and how RFP is raised.
Dialogue: 0,0:47:24.82,0:47:27.46,Default,,0000,0000,0000,,In the domain 3, it\Ntalks about the RFPs,
Dialogue: 0,0:47:27.46,0:47:29.09,Default,,0000,0000,0000,,how a software is\Nbeing acquired,
Dialogue: 0,0:47:29.09,0:47:32.65,Default,,0000,0000,0000,,how off-the-shelf software\Nis being acquired,
Dialogue: 0,0:47:32.65,0:47:35.56,Default,,0000,0000,0000,,how the requirements are built,\Nhow the requisition for proposal
Dialogue: 0,0:47:35.56,0:47:39.26,Default,,0000,0000,0000,,is built. So these kind of\Nthings are phased approaches,
Dialogue: 0,0:47:39.26,0:47:44.41,Default,,0000,0000,0000,,and you have to bound the answer\Nonly to the phased approaches.
Dialogue: 0,0:47:44.41,0:47:47.02,Default,,0000,0000,0000,,So the next question\Nis, an organization
Dialogue: 0,0:47:47.02,0:47:49.63,Default,,0000,0000,0000,,decides to purchase a\Nsoftware package instead
Dialogue: 0,0:47:49.63,0:47:50.51,Default,,0000,0000,0000,,of developing it.
Dialogue: 0,0:47:50.51,0:47:52.55,Default,,0000,0000,0000,,In such case, the design\Nand development phases
Dialogue: 0,0:47:52.55,0:47:54.34,Default,,0000,0000,0000,,of a traditional software\Ndevelopment cycle
Dialogue: 0,0:47:54.34,0:47:55.75,Default,,0000,0000,0000,,would be replaced with--
Dialogue: 0,0:47:55.75,0:47:58.31,Default,,0000,0000,0000,,selection and\Nconfiguration phases,
Dialogue: 0,0:47:58.31,0:48:00.11,Default,,0000,0000,0000,,feasibility and\Nrequirements phases,
Dialogue: 0,0:48:00.11,0:48:03.16,Default,,0000,0000,0000,,implementation and testing\Nphases, nothing, as replacement
Dialogue: 0,0:48:03.16,0:48:05.62,Default,,0000,0000,0000,,is not required?
Dialogue: 0,0:48:05.62,0:48:07.04,Default,,0000,0000,0000,,It is very simple question.
Dialogue: 0,0:48:07.04,0:48:12.31,Default,,0000,0000,0000,,Just now I told about\Nthe steps involved.
Dialogue: 0,0:48:12.31,0:48:15.04,Default,,0000,0000,0000,,This question, the option\NA is the correct answer
Dialogue: 0,0:48:15.04,0:48:19.24,Default,,0000,0000,0000,,because of the fact that the\Ndesign element is taken out.
Dialogue: 0,0:48:19.24,0:48:22.12,Default,,0000,0000,0000,,Instead of developing it,\Nyou're going to buy outside.
Dialogue: 0,0:48:22.12,0:48:26.50,Default,,0000,0000,0000,,So what happens is the selection\Nand the configuration phases
Dialogue: 0,0:48:26.50,0:48:27.73,Default,,0000,0000,0000,,come into the picture.
Dialogue: 0,0:48:27.73,0:48:30.19,Default,,0000,0000,0000,,Feasibility and the\Nrequirements comes only
Dialogue: 0,0:48:30.19,0:48:32.03,Default,,0000,0000,0000,,in terms of design requirements.
Dialogue: 0,0:48:32.03,0:48:34.93,Default,,0000,0000,0000,,So if you see the answer\Nreasoning over here,
Dialogue: 0,0:48:34.93,0:48:38.05,Default,,0000,0000,0000,,with the purchase purchased\Npackage software, design
Dialogue: 0,0:48:38.05,0:48:41.20,Default,,0000,0000,0000,,and development phases\Nof a traditional.
Dialogue: 0,0:48:41.20,0:48:43.63,Default,,0000,0000,0000,,life cycle have\Nbecome replaceable
Dialogue: 0,0:48:43.63,0:48:45.82,Default,,0000,0000,0000,,with selection and\Nconfiguration phases.
Dialogue: 0,0:48:45.82,0:48:47.53,Default,,0000,0000,0000,,A request for\Nproposal form, which
Dialogue: 0,0:48:47.53,0:48:51.16,Default,,0000,0000,0000,,is the RFP I was talking about,\Nfrom the supplier package
Dialogue: 0,0:48:51.16,0:48:55.09,Default,,0000,0000,0000,,is called for and evaluated\Nagainst the predefined criteria
Dialogue: 0,0:48:55.09,0:48:57.37,Default,,0000,0000,0000,,for selection\Nbefore a decision is
Dialogue: 0,0:48:57.37,0:48:59.20,Default,,0000,0000,0000,,made to purchase the software.
Dialogue: 0,0:48:59.20,0:49:02.95,Default,,0000,0000,0000,,Thereafter, the configuration is\Nto meet with the organization's
Dialogue: 0,0:49:02.95,0:49:03.74,Default,,0000,0000,0000,,requirements.
Dialogue: 0,0:49:03.74,0:49:06.67,Default,,0000,0000,0000,,If you take the option B, the\Nother phases of the system
Dialogue: 0,0:49:06.67,0:49:10.07,Default,,0000,0000,0000,,development, SDLC, such as\Nfeasibility study, requirements,
Dialogue: 0,0:49:10.07,0:49:12.40,Default,,0000,0000,0000,,definition, implementation\Nand post-implementation,
Dialogue: 0,0:49:12.40,0:49:15.88,Default,,0000,0000,0000,,remain unaltered because\Nit is very simple.
Dialogue: 0,0:49:15.88,0:49:17.93,Default,,0000,0000,0000,,You are not going to\Ndefine any requirements.
Dialogue: 0,0:49:17.93,0:49:20.69,Default,,0000,0000,0000,,Say for an example, if\NI am going to Subway,
Dialogue: 0,0:49:20.69,0:49:25.03,Default,,0000,0000,0000,,I am going to say very clearly\Nthat you need to put me
Dialogue: 0,0:49:25.03,0:49:27.23,Default,,0000,0000,0000,,these toppings, like jalapenos.
Dialogue: 0,0:49:27.23,0:49:30.50,Default,,0000,0000,0000,,I don't want to trigger any\Nkind of hunger mode over here.
Dialogue: 0,0:49:30.50,0:49:34.09,Default,,0000,0000,0000,,But I am just telling for an\Nexample over here because this
Dialogue: 0,0:49:34.09,0:49:38.53,Default,,0000,0000,0000,,is as simple as going to a\NSubway versus McDonald's.
Dialogue: 0,0:49:38.53,0:49:41.74,Default,,0000,0000,0000,,So if I go to Subway, I\Ncustomize my bread, along
Dialogue: 0,0:49:41.74,0:49:44.27,Default,,0000,0000,0000,,with the toppings\Nthat I require.
Dialogue: 0,0:49:44.27,0:49:45.59,Default,,0000,0000,0000,,These are the sausages.
Dialogue: 0,0:49:45.59,0:49:47.66,Default,,0000,0000,0000,,These are the toppings\Nthat I require.
Dialogue: 0,0:49:47.66,0:49:50.92,Default,,0000,0000,0000,,But if I go to make\N[INAUDIBLE], that
Dialogue: 0,0:49:50.92,0:49:54.98,Default,,0000,0000,0000,,is very clear that they\Nhave a predefined elements.
Dialogue: 0,0:49:54.98,0:49:58.09,Default,,0000,0000,0000,,And among the predefined\Nthings, what is closely
Dialogue: 0,0:49:58.09,0:49:59.45,Default,,0000,0000,0000,,matching with my requirements?
Dialogue: 0,0:49:59.45,0:50:00.19,Default,,0000,0000,0000,,I need to choose.
Dialogue: 0,0:50:00.19,0:50:01.70,Default,,0000,0000,0000,,Probably I can customize it.
Dialogue: 0,0:50:01.70,0:50:03.68,Default,,0000,0000,0000,,I can say, please\Ndon't add mushrooms.
Dialogue: 0,0:50:03.68,0:50:04.64,Default,,0000,0000,0000,,I don't like mushrooms.
Dialogue: 0,0:50:04.64,0:50:05.94,Default,,0000,0000,0000,,I can say that.
Dialogue: 0,0:50:05.94,0:50:07.97,Default,,0000,0000,0000,,That is to do with the\Nconfiguration part.
Dialogue: 0,0:50:07.97,0:50:11.23,Default,,0000,0000,0000,,But again, I cannot completely\Ndesign some new product
Dialogue: 0,0:50:11.23,0:50:13.31,Default,,0000,0000,0000,,and the requirements\Nand the feasibility.
Dialogue: 0,0:50:13.31,0:50:16.24,Default,,0000,0000,0000,,Everything has been\Ntaken off the shelf.
Dialogue: 0,0:50:16.24,0:50:17.86,Default,,0000,0000,0000,,Which of the following\Nprocedure should
Dialogue: 0,0:50:17.86,0:50:19.75,Default,,0000,0000,0000,,be implemented to help\Nto ensure completeness
Dialogue: 0,0:50:19.75,0:50:23.09,Default,,0000,0000,0000,,of inbound transactions via\Nelectronic data interchange?
Dialogue: 0,0:50:23.09,0:50:26.59,Default,,0000,0000,0000,,I think the EDI topic, you will\Nbe seeing quite a lot in the CRM
Dialogue: 0,0:50:26.59,0:50:28.58,Default,,0000,0000,0000,,as well, as sometimes\Nin the exams as well.
Dialogue: 0,0:50:28.58,0:50:29.93,Default,,0000,0000,0000,,So this is a hint.
Dialogue: 0,0:50:29.93,0:50:33.09,Default,,0000,0000,0000,,So segment counts to built-in\Ntransactions set earlier.
Dialogue: 0,0:50:33.09,0:50:35.87,Default,,0000,0000,0000,,A log of number of messages\Nreceived periodically
Dialogue: 0,0:50:35.87,0:50:37.86,Default,,0000,0000,0000,,verify that the\Ntransaction originator.
Dialogue: 0,0:50:37.86,0:50:40.46,Default,,0000,0000,0000,,An electronic audit trail of\Naccountability in tracking.
Dialogue: 0,0:50:40.46,0:50:42.14,Default,,0000,0000,0000,,Matching the\Nacknowledgment transactions
Dialogue: 0,0:50:42.14,0:50:45.98,Default,,0000,0000,0000,,received to the log\Nof EDI messages sent.
Dialogue: 0,0:50:45.98,0:50:49.47,Default,,0000,0000,0000,,The EDI is one of my\Nfavorite topics, I would say.
Dialogue: 0,0:50:49.47,0:50:51.54,Default,,0000,0000,0000,,Because while I was\Nstudying for the exams,
Dialogue: 0,0:50:51.54,0:50:54.56,Default,,0000,0000,0000,,I did a very hard work to\Nunderstand this EDI concept.
Dialogue: 0,0:50:54.56,0:50:57.29,Default,,0000,0000,0000,,
Dialogue: 0,0:50:57.29,0:51:01.22,Default,,0000,0000,0000,,So all the other options, if\Nyou see one way or the other,
Dialogue: 0,0:51:01.22,0:51:04.04,Default,,0000,0000,0000,,talks about some form of\Nauditing methodologies
Dialogue: 0,0:51:04.04,0:51:06.48,Default,,0000,0000,0000,,and acknowledgment of\Ntransactions received.
Dialogue: 0,0:51:06.48,0:51:08.45,Default,,0000,0000,0000,,Acknowledgment of\Ntransactions is just
Dialogue: 0,0:51:08.45,0:51:11.09,Default,,0000,0000,0000,,to verify whether it has been--
Dialogue: 0,0:51:11.09,0:51:12.92,Default,,0000,0000,0000,,to check the originator\Nor origination
Dialogue: 0,0:51:12.92,0:51:14.54,Default,,0000,0000,0000,,of that particular transaction.
Dialogue: 0,0:51:14.54,0:51:17.43,Default,,0000,0000,0000,,An electronic audit trail is\Nan accountability in tracking.
Dialogue: 0,0:51:17.43,0:51:19.44,Default,,0000,0000,0000,,Yes, of course, it\Ntracks the audit trail
Dialogue: 0,0:51:19.44,0:51:22.38,Default,,0000,0000,0000,,of the account for auditability.
Dialogue: 0,0:51:22.38,0:51:24.45,Default,,0000,0000,0000,,Sorry, for accountability\Nand tracking.
Dialogue: 0,0:51:24.45,0:51:27.38,Default,,0000,0000,0000,,But none of the options\Nare actually close to A
Dialogue: 0,0:51:27.38,0:51:30.35,Default,,0000,0000,0000,,because A is the correct answer.
Dialogue: 0,0:51:30.35,0:51:32.45,Default,,0000,0000,0000,,Controls total built\Ninto the trailer record
Dialogue: 0,0:51:32.45,0:51:34.43,Default,,0000,0000,0000,,of each transaction\Nor each segment
Dialogue: 0,0:51:34.43,0:51:36.02,Default,,0000,0000,0000,,is the only option\Nthat will ensure
Dialogue: 0,0:51:36.02,0:51:39.54,Default,,0000,0000,0000,,that individual transactions\Nare sent or received completely.
Dialogue: 0,0:51:39.54,0:51:43.22,Default,,0000,0000,0000,,So electronic data\Ninterchange is one concept
Dialogue: 0,0:51:43.22,0:51:46.97,Default,,0000,0000,0000,,that you need to be very,\Nvery familiar with because EDI
Dialogue: 0,0:51:46.97,0:51:49.69,Default,,0000,0000,0000,,is being used at\Nevery ERP, everything
Dialogue: 0,0:51:49.69,0:51:51.15,Default,,0000,0000,0000,,that you see in\Nthe current system.
Dialogue: 0,0:51:51.15,0:51:53.94,Default,,0000,0000,0000,,Because if one system is\Ntalking, say for an example,
Dialogue: 0,0:51:53.94,0:51:57.86,Default,,0000,0000,0000,,if [INAUDIBLE] is talking\Nto Oracle or JD Edwards
Dialogue: 0,0:51:57.86,0:51:59.93,Default,,0000,0000,0000,,or any other things\Nfor that matter,
Dialogue: 0,0:51:59.93,0:52:02.79,Default,,0000,0000,0000,,they are talking in the language\Nof EDI with an XML file.
Dialogue: 0,0:52:02.79,0:52:04.79,Default,,0000,0000,0000,,So each transaction\Nthat is being
Dialogue: 0,0:52:04.79,0:52:06.89,Default,,0000,0000,0000,,sent as an inbound\Ntransaction and sent
Dialogue: 0,0:52:06.89,0:52:09.69,Default,,0000,0000,0000,,as an outbound transaction from\None system to another system,
Dialogue: 0,0:52:09.69,0:52:11.75,Default,,0000,0000,0000,,they need to have\Nan individual count,
Dialogue: 0,0:52:11.75,0:52:14.24,Default,,0000,0000,0000,,and they need to have\Nan individual receipt
Dialogue: 0,0:52:14.24,0:52:15.18,Default,,0000,0000,0000,,of transaction.
Dialogue: 0,0:52:15.18,0:52:18.59,Default,,0000,0000,0000,,That is the reason why we\Nneed to match it accordingly.
Dialogue: 0,0:52:18.59,0:52:20.79,Default,,0000,0000,0000,,Let me move on to\Nthe next question.
Dialogue: 0,0:52:20.79,0:52:25.01,Default,,0000,0000,0000,,So that ends the domain 3,\Nand we are now into domain 4.
Dialogue: 0,0:52:25.01,0:52:27.32,Default,,0000,0000,0000,,So the domain 4 starts--
Dialogue: 0,0:52:27.32,0:52:30.80,Default,,0000,0000,0000,,I think domain 4 is all about\Nthe information security assets,
Dialogue: 0,0:52:30.80,0:52:33.21,Default,,0000,0000,0000,,different types of\Ninformation security assets,
Dialogue: 0,0:52:33.21,0:52:34.71,Default,,0000,0000,0000,,and BCP and BRP.
Dialogue: 0,0:52:34.71,0:52:37.40,Default,,0000,0000,0000,,So which one of the following\Nprovides the best method
Dialogue: 0,0:52:37.40,0:52:39.92,Default,,0000,0000,0000,,for determining the\Nlevel of performance
Dialogue: 0,0:52:39.92,0:52:42.35,Default,,0000,0000,0000,,by similar information\Nprocessing facility
Dialogue: 0,0:52:42.35,0:52:43.40,Default,,0000,0000,0000,,environments?
Dialogue: 0,0:52:43.40,0:52:47.96,Default,,0000,0000,0000,,User satisfaction, B, goal\Naccomplishment, C, benchmarking,
Dialogue: 0,0:52:47.96,0:52:51.68,Default,,0000,0000,0000,,and D, capacity and\Ngrowth planning?
Dialogue: 0,0:52:51.68,0:52:54.08,Default,,0000,0000,0000,,So it is actually\Nthe C, benchmarking,
Dialogue: 0,0:52:54.08,0:52:56.96,Default,,0000,0000,0000,,because whenever we\Nwanted to ascertain
Dialogue: 0,0:52:56.96,0:53:00.09,Default,,0000,0000,0000,,any level of performance--\Nwe talked about dashboards.
Dialogue: 0,0:53:00.09,0:53:04.26,Default,,0000,0000,0000,,Dashboards gives us what our\Norganization is performing.
Dialogue: 0,0:53:04.26,0:53:07.80,Default,,0000,0000,0000,,And in terms of what the\Nother organizations are doing,
Dialogue: 0,0:53:07.80,0:53:10.38,Default,,0000,0000,0000,,the best way to identify\Nis to benchmark.
Dialogue: 0,0:53:10.38,0:53:13.22,Default,,0000,0000,0000,,Say for an example, I\Nam working in a big 4,
Dialogue: 0,0:53:13.22,0:53:15.23,Default,,0000,0000,0000,,and I want to\Nascertain the value
Dialogue: 0,0:53:15.23,0:53:19.77,Default,,0000,0000,0000,,of what others are doing, what\NI am doing compared to others.
Dialogue: 0,0:53:19.77,0:53:22.67,Default,,0000,0000,0000,,The only thing that we need\Nto do is the benchmarking.
Dialogue: 0,0:53:22.67,0:53:25.94,Default,,0000,0000,0000,,So that is very important,\Nthat we do the benchmarking
Dialogue: 0,0:53:25.94,0:53:30.56,Default,,0000,0000,0000,,among our competitors and\Nsimilar facility environments.
Dialogue: 0,0:53:30.56,0:53:33.14,Default,,0000,0000,0000,,Let me move on to\Nthe next slide.
Dialogue: 0,0:53:33.14,0:53:35.72,Default,,0000,0000,0000,,So which one of the following\Nis the most effective method
Dialogue: 0,0:53:35.72,0:53:40.22,Default,,0000,0000,0000,,for IS auditor to use in testing\Nthe program change management
Dialogue: 0,0:53:40.22,0:53:41.51,Default,,0000,0000,0000,,process?
Dialogue: 0,0:53:41.51,0:53:44.39,Default,,0000,0000,0000,,Trace from system-generated\Ninformation
Dialogue: 0,0:53:44.39,0:53:46.41,Default,,0000,0000,0000,,to the change management\Ndocumentation.
Dialogue: 0,0:53:46.41,0:53:48.35,Default,,0000,0000,0000,,Examine change\Nmanagement documentation
Dialogue: 0,0:53:48.35,0:53:50.18,Default,,0000,0000,0000,,for the evidence of accuracy.
Dialogue: 0,0:53:50.18,0:53:52.19,Default,,0000,0000,0000,,Trace from change\Nmanagement documentation
Dialogue: 0,0:53:52.19,0:53:54.38,Default,,0000,0000,0000,,to a system-generated\Naudit trail.
Dialogue: 0,0:53:54.38,0:53:56.39,Default,,0000,0000,0000,,Or examine change\Nmanagement documentation
Dialogue: 0,0:53:56.39,0:53:57.81,Default,,0000,0000,0000,,for evidence of completeness.
Dialogue: 0,0:53:57.81,0:53:59.50,Default,,0000,0000,0000,,So this is a very\Ntricky question again.
Dialogue: 0,0:53:59.50,0:54:02.18,Default,,0000,0000,0000,,
Dialogue: 0,0:54:02.18,0:54:05.03,Default,,0000,0000,0000,,The correct answer\Nis A, trace from
Dialogue: 0,0:54:05.03,0:54:07.31,Default,,0000,0000,0000,,system-generated information\Nto the change management
Dialogue: 0,0:54:07.31,0:54:09.17,Default,,0000,0000,0000,,documentation.
Dialogue: 0,0:54:09.17,0:54:12.95,Default,,0000,0000,0000,,They are talking about\Nmost effective method.
Dialogue: 0,0:54:12.95,0:54:14.99,Default,,0000,0000,0000,,By virtue of saying that\Nmost effective method,
Dialogue: 0,0:54:14.99,0:54:15.100,Default,,0000,0000,0000,,two options are correct.
Dialogue: 0,0:54:15.100,0:54:18.53,Default,,0000,0000,0000,,A and C are extremely correct.
Dialogue: 0,0:54:18.53,0:54:21.74,Default,,0000,0000,0000,,B and D are extremely incorrect\Nbecause of the fact that when
Dialogue: 0,0:54:21.74,0:54:23.12,Default,,0000,0000,0000,,you check the\Ndocumentation only,
Dialogue: 0,0:54:23.12,0:54:25.65,Default,,0000,0000,0000,,you cannot derive any\Naccuracy out of it,
Dialogue: 0,0:54:25.65,0:54:27.12,Default,,0000,0000,0000,,derive any\Ncompleteness out of it.
Dialogue: 0,0:54:27.12,0:54:30.30,Default,,0000,0000,0000,,So B and D, or C or D is\Na straight elimination.
Dialogue: 0,0:54:30.30,0:54:32.54,Default,,0000,0000,0000,,But what happens\Nwith the A and C
Dialogue: 0,0:54:32.54,0:54:35.87,Default,,0000,0000,0000,,is that when you do it from\Nthe documentation perspective
Dialogue: 0,0:54:35.87,0:54:38.33,Default,,0000,0000,0000,,and then go to the system audit\Ntrail, it is still correct.
Dialogue: 0,0:54:38.33,0:54:40.20,Default,,0000,0000,0000,,It is still correct,\Nand some of the auditors
Dialogue: 0,0:54:40.20,0:54:41.10,Default,,0000,0000,0000,,do still practice it.
Dialogue: 0,0:54:41.10,0:54:43.01,Default,,0000,0000,0000,,But what happens\Nis, you sometimes
Dialogue: 0,0:54:43.01,0:54:45.44,Default,,0000,0000,0000,,miss the perspective\Nout of it, and your mind
Dialogue: 0,0:54:45.44,0:54:49.73,Default,,0000,0000,0000,,starts to think why a specific\Nthing that we will start
Dialogue: 0,0:54:49.73,0:54:51.39,Default,,0000,0000,0000,,thinking, it needs to be there.
Dialogue: 0,0:54:51.39,0:54:55.52,Default,,0000,0000,0000,,But when you extract the\Nsystem-generated information
Dialogue: 0,0:54:55.52,0:54:57.26,Default,,0000,0000,0000,,and then check with\Nthe documentation,
Dialogue: 0,0:54:57.26,0:55:01.25,Default,,0000,0000,0000,,whether this is the correct\Nway of doing things or not,
Dialogue: 0,0:55:01.25,0:55:04.35,Default,,0000,0000,0000,,then that is the\Nmost probable factor
Dialogue: 0,0:55:04.35,0:55:06.05,Default,,0000,0000,0000,,you will stumble upon any gaps.
Dialogue: 0,0:55:06.05,0:55:08.24,Default,,0000,0000,0000,,So when testing the\Nchange management,
Dialogue: 0,0:55:08.24,0:55:09.89,Default,,0000,0000,0000,,IS auditor should\Nalways start with
Dialogue: 0,0:55:09.89,0:55:14.12,Default,,0000,0000,0000,,the system-generated evidences,\Ninformation containing the date
Dialogue: 0,0:55:14.12,0:55:15.71,Default,,0000,0000,0000,,and time module\Nlast it was updated,
Dialogue: 0,0:55:15.71,0:55:18.54,Default,,0000,0000,0000,,and trace it back to the\Ndocumentation authorizing it.
Dialogue: 0,0:55:18.54,0:55:21.87,Default,,0000,0000,0000,,Because, see, it is like\Nfinding a needle in a haystack.
Dialogue: 0,0:55:21.87,0:55:24.74,Default,,0000,0000,0000,,So what happens is,\Nfor every transaction,
Dialogue: 0,0:55:24.74,0:55:25.95,Default,,0000,0000,0000,,you need to have an approval.
Dialogue: 0,0:55:25.95,0:55:28.42,Default,,0000,0000,0000,,It is not like for every\Ntransaction approval,
Dialogue: 0,0:55:28.42,0:55:30.63,Default,,0000,0000,0000,,whether there is a corresponding\Nsystem entry or not.
Dialogue: 0,0:55:30.63,0:55:33.50,Default,,0000,0000,0000,,Some might have even\Nnot been deployed.
Dialogue: 0,0:55:33.50,0:55:36.26,Default,,0000,0000,0000,,So what happens\Nis the risk of not
Dialogue: 0,0:55:36.26,0:55:37.92,Default,,0000,0000,0000,,detecting undocumented changes.
Dialogue: 0,0:55:37.92,0:55:41.09,Default,,0000,0000,0000,,That is what is the problem\Nhere because whatever is there
Dialogue: 0,0:55:41.09,0:55:44.07,Default,,0000,0000,0000,,in the documentation is\Ndocumented, and it is fine.
Dialogue: 0,0:55:44.07,0:55:47.78,Default,,0000,0000,0000,,That is the difference\Nbetween C and D.
Dialogue: 0,0:55:47.78,0:55:50.66,Default,,0000,0000,0000,,The classification based on\Nthe criticality of a software
Dialogue: 0,0:55:50.66,0:55:53.48,Default,,0000,0000,0000,,application is a part of IS\Nbusiness activity continuity
Dialogue: 0,0:55:53.48,0:55:55.46,Default,,0000,0000,0000,,plan determined by the--
Dialogue: 0,0:55:55.46,0:55:56.96,Default,,0000,0000,0000,,nature of the\Nbusiness and the value
Dialogue: 0,0:55:56.96,0:55:58.52,Default,,0000,0000,0000,,of the application\Nto the business,
Dialogue: 0,0:55:58.52,0:56:00.54,Default,,0000,0000,0000,,replacement cost\Nof the application,
Dialogue: 0,0:56:00.54,0:56:02.55,Default,,0000,0000,0000,,vendor support available\Nfor the application,
Dialogue: 0,0:56:02.55,0:56:04.13,Default,,0000,0000,0000,,associated threats\Nand vulnerabilities
Dialogue: 0,0:56:04.13,0:56:06.56,Default,,0000,0000,0000,,of the application.
Dialogue: 0,0:56:06.56,0:56:09.69,Default,,0000,0000,0000,,So the correct answer is A,\Nso the nature of the business
Dialogue: 0,0:56:09.69,0:56:11.94,Default,,0000,0000,0000,,and the value of the application\Ntowards the business.
Dialogue: 0,0:56:11.94,0:56:15.44,Default,,0000,0000,0000,,So rest of the\Nother options seems
Dialogue: 0,0:56:15.44,0:56:17.87,Default,,0000,0000,0000,,a little bit irrelevant to\Nthis question, the replacement
Dialogue: 0,0:56:17.87,0:56:19.17,Default,,0000,0000,0000,,cost of the application.
Dialogue: 0,0:56:19.17,0:56:22.03,Default,,0000,0000,0000,,So why it is even\Nimportant to understand?
Dialogue: 0,0:56:22.03,0:56:24.51,Default,,0000,0000,0000,,And the vendor support\Nis not a relevant factor
Dialogue: 0,0:56:24.51,0:56:27.65,Default,,0000,0000,0000,,because determining the\Ncriticality classification.
Dialogue: 0,0:56:27.65,0:56:29.40,Default,,0000,0000,0000,,The associated threats\Nand vulnerabilities
Dialogue: 0,0:56:29.40,0:56:32.67,Default,,0000,0000,0000,,will be evaluated only if\Nthe application is deemed
Dialogue: 0,0:56:32.67,0:56:34.09,Default,,0000,0000,0000,,to be critical to the business.
Dialogue: 0,0:56:34.09,0:56:37.87,Default,,0000,0000,0000,,So rest of the other\Noptions are not correct.
Dialogue: 0,0:56:37.87,0:56:40.29,Default,,0000,0000,0000,,The next question is, when\Nconducting an audit of a client
Dialogue: 0,0:56:40.29,0:56:42.36,Default,,0000,0000,0000,,server database\Nsecurity, the IS auditor
Dialogue: 0,0:56:42.36,0:56:45.30,Default,,0000,0000,0000,,should be most concerned\Nabout the availability of--
Dialogue: 0,0:56:45.30,0:56:47.89,Default,,0000,0000,0000,,system utilities, application\Nprogram generators,
Dialogue: 0,0:56:47.89,0:56:53.49,Default,,0000,0000,0000,,system security documentation,\Naccess to stored procedures.
Dialogue: 0,0:56:53.49,0:56:57.19,Default,,0000,0000,0000,,So the whole point is\Navailability of what?
Dialogue: 0,0:56:57.19,0:57:00.97,Default,,0000,0000,0000,,So the point is system security\Ndocumentation, of course,
Dialogue: 0,0:57:00.97,0:57:01.66,Default,,0000,0000,0000,,it is required.
Dialogue: 0,0:57:01.66,0:57:04.59,Default,,0000,0000,0000,,The problem here is that\Nit should be required only
Dialogue: 0,0:57:04.59,0:57:08.28,Default,,0000,0000,0000,,for a few specific set of people\Nwhom the organization wants
Dialogue: 0,0:57:08.28,0:57:10.03,Default,,0000,0000,0000,,to give the access\Nto the documentation.
Dialogue: 0,0:57:10.03,0:57:12.84,Default,,0000,0000,0000,,Not every junior level employee\Ncannot have the security
Dialogue: 0,0:57:12.84,0:57:15.09,Default,,0000,0000,0000,,documentation in place.
Dialogue: 0,0:57:15.09,0:57:18.21,Default,,0000,0000,0000,,And B is completely irrelevant\Nbecause application program
Dialogue: 0,0:57:18.21,0:57:20.46,Default,,0000,0000,0000,,generators, it's not.
Dialogue: 0,0:57:20.46,0:57:23.01,Default,,0000,0000,0000,,In the correct shop,\Nactually the correct option
Dialogue: 0,0:57:23.01,0:57:26.79,Default,,0000,0000,0000,,is option A, system utilities.
Dialogue: 0,0:57:26.79,0:57:29.31,Default,,0000,0000,0000,,System utilities may\Nenable unauthorized changes
Dialogue: 0,0:57:29.31,0:57:31.96,Default,,0000,0000,0000,,to be made to the data\Non a client server model.
Dialogue: 0,0:57:31.96,0:57:34.97,Default,,0000,0000,0000,,Because if you read the\Ndatabase model very clearly,
Dialogue: 0,0:57:34.97,0:57:36.39,Default,,0000,0000,0000,,there are certain\Nsystem utilities
Dialogue: 0,0:57:36.39,0:57:39.63,Default,,0000,0000,0000,,you should not give access to,\Nbecause the system utilities
Dialogue: 0,0:57:39.63,0:57:41.34,Default,,0000,0000,0000,,will bypass the\Nsecurity controls
Dialogue: 0,0:57:41.34,0:57:44.94,Default,,0000,0000,0000,,and the access\Ncontrols, and the person
Dialogue: 0,0:57:44.94,0:57:48.36,Default,,0000,0000,0000,,will be still having ability to\Nmake some unauthorized changes.
Dialogue: 0,0:57:48.36,0:57:50.95,Default,,0000,0000,0000,,People who have read the\Ndatabase of security model,
Dialogue: 0,0:57:50.95,0:57:52.74,Default,,0000,0000,0000,,I think they will be\Nclear with this answer
Dialogue: 0,0:57:52.74,0:57:55.99,Default,,0000,0000,0000,,because the fundamental thing\Nis that it's a system utility.
Dialogue: 0,0:57:55.99,0:57:58.83,Default,,0000,0000,0000,,Say for an example, that\Nis the reason why we
Dialogue: 0,0:57:58.83,0:58:00.39,Default,,0000,0000,0000,,do the hardening of the system.
Dialogue: 0,0:58:00.39,0:58:04.35,Default,,0000,0000,0000,,We will delete access\Nto the unwanted things
Dialogue: 0,0:58:04.35,0:58:08.46,Default,,0000,0000,0000,,that is not required as\Na part of the system.
Dialogue: 0,0:58:08.46,0:58:10.35,Default,,0000,0000,0000,,Let me move on to\Nthe next question.
Dialogue: 0,0:58:10.35,0:58:13.60,Default,,0000,0000,0000,,When reviewing a network used\Nfor internet connections,
Dialogue: 0,0:58:13.60,0:58:15.93,Default,,0000,0000,0000,,an IS auditor will\Nfirst examine the what?
Dialogue: 0,0:58:15.93,0:58:18.12,Default,,0000,0000,0000,,Validity of the password\Nchanges occurrence,
Dialogue: 0,0:58:18.12,0:58:20.17,Default,,0000,0000,0000,,architecture of the\Nclient server application,
Dialogue: 0,0:58:20.17,0:58:22.20,Default,,0000,0000,0000,,network architecture\Ndesign, firewall protection
Dialogue: 0,0:58:22.20,0:58:25.38,Default,,0000,0000,0000,,and proxy servers?
Dialogue: 0,0:58:25.38,0:58:27.93,Default,,0000,0000,0000,,So I think unanimously\Npeople are answering
Dialogue: 0,0:58:27.93,0:58:31.65,Default,,0000,0000,0000,,for C. That is the correct\Nanswer as well because you need
Dialogue: 0,0:58:31.65,0:58:34.23,Default,,0000,0000,0000,,to understand what a network\Narchitecture and design is all
Dialogue: 0,0:58:34.23,0:58:36.37,Default,,0000,0000,0000,,about, about that\Nparticular communication.
Dialogue: 0,0:58:36.37,0:58:39.03,Default,,0000,0000,0000,,So B may seem a\Nlittle bit irrelevant
Dialogue: 0,0:58:39.03,0:58:41.16,Default,,0000,0000,0000,,to this particular\Nthing because firewall
Dialogue: 0,0:58:41.16,0:58:43.50,Default,,0000,0000,0000,,comes after the whole thing\Nof understanding network
Dialogue: 0,0:58:43.50,0:58:44.11,Default,,0000,0000,0000,,architecture.
Dialogue: 0,0:58:44.11,0:58:47.55,Default,,0000,0000,0000,,And B is also the\Nsecond, but it's not
Dialogue: 0,0:58:47.55,0:58:49.95,Default,,0000,0000,0000,,as the first important thing, C.
Dialogue: 0,0:58:49.95,0:58:52.95,Default,,0000,0000,0000,,I will tell you the difference\Nbetween C and B. Understanding
Dialogue: 0,0:58:52.95,0:58:55.74,Default,,0000,0000,0000,,the network architecture design\Nis starting point of identifying
Dialogue: 0,0:58:55.74,0:58:58.17,Default,,0000,0000,0000,,various layers of the\Nsecurity architecture
Dialogue: 0,0:58:58.17,0:59:00.91,Default,,0000,0000,0000,,across the various layers, such\Nas client server applications.
Dialogue: 0,0:59:00.91,0:59:02.96,Default,,0000,0000,0000,,But in first or\Nin principle, what
Dialogue: 0,0:59:02.96,0:59:04.33,Default,,0000,0000,0000,,you need to do is\Nthe first step,
Dialogue: 0,0:59:04.33,0:59:07.24,Default,,0000,0000,0000,,we need to understand the\Nnetwork architecture as a whole.
Dialogue: 0,0:59:07.24,0:59:09.94,Default,,0000,0000,0000,,Then you go to the client server\Nmodel, how it is designed.
Dialogue: 0,0:59:09.94,0:59:11.65,Default,,0000,0000,0000,,That is how you\Nneed to take things.
Dialogue: 0,0:59:11.65,0:59:13.50,Default,,0000,0000,0000,,Again, this is a\Nstep-based approach,
Dialogue: 0,0:59:13.50,0:59:18.22,Default,,0000,0000,0000,,like how you approach BCP,\NDRP, and change management.
Dialogue: 0,0:59:18.22,0:59:21.78,Default,,0000,0000,0000,,This is, again a\Nstep-based approach.
Dialogue: 0,0:59:21.78,0:59:23.28,Default,,0000,0000,0000,,Data measuring\Nshould be implemented
Dialogue: 0,0:59:23.28,0:59:25.53,Default,,0000,0000,0000,,as a recovery strategy when?
Dialogue: 0,0:59:25.53,0:59:27.75,Default,,0000,0000,0000,,Data mirroring\Nshould be implemented
Dialogue: 0,0:59:27.75,0:59:30.27,Default,,0000,0000,0000,,as a recovery strategy when?
Dialogue: 0,0:59:30.27,0:59:33.31,Default,,0000,0000,0000,,RPO is low, RPO is\Nhigh, RTO is high,
Dialogue: 0,0:59:33.31,0:59:34.87,Default,,0000,0000,0000,,disaster tolerance is high?
Dialogue: 0,0:59:34.87,0:59:37.50,Default,,0000,0000,0000,,
Dialogue: 0,0:59:37.50,0:59:38.86,Default,,0000,0000,0000,,It is a very easy question.
Dialogue: 0,0:59:38.86,0:59:42.34,Default,,0000,0000,0000,,If you have understood\NThe concept of RPO or RTO,
Dialogue: 0,0:59:42.34,0:59:45.45,Default,,0000,0000,0000,,this is a very easy question.
Dialogue: 0,0:59:45.45,0:59:49.36,Default,,0000,0000,0000,,So the correct answer\Nis RPO, B, which is low.
Dialogue: 0,0:59:49.36,0:59:53.37,Default,,0000,0000,0000,,So recovery point\Nobjective is the earliest
Dialogue: 0,0:59:53.37,0:59:56.16,Default,,0000,0000,0000,,in the point in which it\Nis acceptable to recover.
Dialogue: 0,0:59:56.16,0:59:59.28,Default,,0000,0000,0000,,So recover the data,\Nin other words,
Dialogue: 0,0:59:59.28,1:00:01.90,Default,,0000,0000,0000,,RPO indicates the age\Nof recovered data.
Dialogue: 0,1:00:01.90,1:00:05.10,Default,,0000,0000,0000,,And so what happens is the\Norganization cannot afford
Dialogue: 0,1:00:05.10,1:00:07.21,Default,,0000,0000,0000,,to lose even a few\Nminutes of data.
Dialogue: 0,1:00:07.21,1:00:11.16,Default,,0000,0000,0000,,In such case, data mirroring\Nshould be used, usually used
Dialogue: 0,1:00:11.16,1:00:13.23,Default,,0000,0000,0000,,as a recovery strategy.
Dialogue: 0,1:00:13.23,1:00:17.36,Default,,0000,0000,0000,,So I think one of the last\Nquestions with domain 4 will be,
Dialogue: 0,1:00:17.36,1:00:18.73,Default,,0000,0000,0000,,which of the\Nfollowing components
Dialogue: 0,1:00:18.73,1:00:20.62,Default,,0000,0000,0000,,of business continuity\Nplan primarily
Dialogue: 0,1:00:20.62,1:00:23.02,Default,,0000,0000,0000,,responsible for\Norganizational IS department?
Dialogue: 0,1:00:23.02,1:00:25.10,Default,,0000,0000,0000,,Developing the business\Ncontinuity plan,
Dialogue: 0,1:00:25.10,1:00:27.19,Default,,0000,0000,0000,,selecting and approving\Nthe recovery strategies
Dialogue: 0,1:00:27.19,1:00:30.20,Default,,0000,0000,0000,,used for business continuity\Nplan, declaring a disaster,
Dialogue: 0,1:00:30.20,1:00:34.87,Default,,0000,0000,0000,,or restoring the IT systems\Nand data after disaster?
Dialogue: 0,1:00:34.87,1:00:37.66,Default,,0000,0000,0000,,Following components of\Nprimarily the responsibility
Dialogue: 0,1:00:37.66,1:00:42.94,Default,,0000,0000,0000,,of the organization's\NIS department primarily?
Dialogue: 0,1:00:42.94,1:00:45.94,Default,,0000,0000,0000,,So when you see\Nthe primarily, what
Dialogue: 0,1:00:45.94,1:00:51.19,Default,,0000,0000,0000,,is the primarily objective of\Nthe IS department in relation
Dialogue: 0,1:00:51.19,1:00:52.87,Default,,0000,0000,0000,,with the business\Ncontinuity plan?
Dialogue: 0,1:00:52.87,1:00:55.63,Default,,0000,0000,0000,,So restore the data is\Nvery, very important.
Dialogue: 0,1:00:55.63,1:00:58.58,Default,,0000,0000,0000,,At the end of the day, what\Nis the end game of that?
Dialogue: 0,1:00:58.58,1:01:02.36,Default,,0000,0000,0000,,Whenever a disaster struck--
Dialogue: 0,1:01:02.36,1:01:05.42,Default,,0000,0000,0000,,disasters has\Nalready struck, fine,
Dialogue: 0,1:01:05.42,1:01:06.59,Default,,0000,0000,0000,,what we are going to do now?
Dialogue: 0,1:01:06.59,1:01:08.42,Default,,0000,0000,0000,,Now we are going to\Ntemporarily run the business
Dialogue: 0,1:01:08.42,1:01:10.75,Default,,0000,0000,0000,,on the other show, with the\Nbackups and stuff like that,
Dialogue: 0,1:01:10.75,1:01:12.95,Default,,0000,0000,0000,,with the skeleton\Nstaff, whatever.
Dialogue: 0,1:01:12.95,1:01:14.79,Default,,0000,0000,0000,,But maybe the\Nprimary objective is
Dialogue: 0,1:01:14.79,1:01:16.95,Default,,0000,0000,0000,,that it is always to\Nrestore the IT systems
Dialogue: 0,1:01:16.95,1:01:18.13,Default,,0000,0000,0000,,and data after a disaster.
Dialogue: 0,1:01:18.13,1:01:20.79,Default,,0000,0000,0000,,That is what is correct\Nand also [INAUDIBLE].
Dialogue: 0,1:01:20.79,1:01:24.09,Default,,0000,0000,0000,,You can see the\Nexplanation over here.
Dialogue: 0,1:01:24.09,1:01:27.03,Default,,0000,0000,0000,,Members of the organization's\Nmost senior management
Dialogue: 0,1:01:27.03,1:01:28.92,Default,,0000,0000,0000,,are primarily responsible\Nfor overseeing
Dialogue: 0,1:01:28.92,1:01:31.77,Default,,0000,0000,0000,,the development of the\Nbusiness continuity plan
Dialogue: 0,1:01:31.77,1:01:33.31,Default,,0000,0000,0000,,and are accountable\Nfor the results.
Dialogue: 0,1:01:33.31,1:01:36.06,Default,,0000,0000,0000,,So IS team is not\Nresponsible for that.
Dialogue: 0,1:01:36.06,1:01:37.89,Default,,0000,0000,0000,,It is the business and\Nthe senior management
Dialogue: 0,1:01:37.89,1:01:41.28,Default,,0000,0000,0000,,who is responsible for\Nbecause that's their business.
Dialogue: 0,1:01:41.28,1:01:43.89,Default,,0000,0000,0000,,Management is also accountable\Nfor selecting and approving
Dialogue: 0,1:01:43.89,1:01:45.06,Default,,0000,0000,0000,,all strategies.
Dialogue: 0,1:01:45.06,1:01:49.38,Default,,0000,0000,0000,,That is, again, to do with\Nthe individual business.
Dialogue: 0,1:01:49.38,1:01:49.90,Default,,0000,0000,0000,,Cool.
Dialogue: 0,1:01:49.90,1:01:54.46,Default,,0000,0000,0000,,So that brings me to the domain\N5, the most technical domain,
Dialogue: 0,1:01:54.46,1:01:55.39,Default,,0000,0000,0000,,if I'm not wrong.
Dialogue: 0,1:01:55.39,1:01:59.28,Default,,0000,0000,0000,,The longest domain\Nin the book as well.
Dialogue: 0,1:01:59.28,1:02:03.39,Default,,0000,0000,0000,,The first question\Nis, an IS auditor
Dialogue: 0,1:02:03.39,1:02:06.09,Default,,0000,0000,0000,,is reviewing the configuration\Nof a signature-based intrusion
Dialogue: 0,1:02:06.09,1:02:07.86,Default,,0000,0000,0000,,detection system,\Nwhich is the IDS,
Dialogue: 0,1:02:07.86,1:02:10.50,Default,,0000,0000,0000,,would be the most concerned\Nif which of the following
Dialogue: 0,1:02:10.50,1:02:11.53,Default,,0000,0000,0000,,is discovered?
Dialogue: 0,1:02:11.53,1:02:14.20,Default,,0000,0000,0000,,Auto update is turned off,\Nscanning for application
Dialogue: 0,1:02:14.20,1:02:17.23,Default,,0000,0000,0000,,vulnerability is disabled,\Nanalysis of encrypted data
Dialogue: 0,1:02:17.23,1:02:19.15,Default,,0000,0000,0000,,packets are disabled,\NIDS is placed
Dialogue: 0,1:02:19.15,1:02:23.09,Default,,0000,0000,0000,,between a demilitarized\Nzone and the firewall?
Dialogue: 0,1:02:23.09,1:02:25.30,Default,,0000,0000,0000,,A, auto update is turned off.
Dialogue: 0,1:02:25.30,1:02:28.06,Default,,0000,0000,0000,,So even in our home,\Nwhen we are running
Dialogue: 0,1:02:28.06,1:02:33.37,Default,,0000,0000,0000,,Kaspersky, Norton or whatever\Nsecurity thing, the intrusion--
Dialogue: 0,1:02:33.37,1:02:35.48,Default,,0000,0000,0000,,not intrusion, but\Nantivirus software,
Dialogue: 0,1:02:35.48,1:02:37.85,Default,,0000,0000,0000,,the signature is very important.
Dialogue: 0,1:02:37.85,1:02:40.57,Default,,0000,0000,0000,,It will get updated twice\Nor thrice or even five
Dialogue: 0,1:02:40.57,1:02:43.58,Default,,0000,0000,0000,,times in a day, depending\Nupon what is the situation.
Dialogue: 0,1:02:43.58,1:02:46.44,Default,,0000,0000,0000,,So what happens is, when\Nyou have turned this off--
Dialogue: 0,1:02:46.44,1:02:47.98,Default,,0000,0000,0000,,God knows when you\Nhave turned it off
Dialogue: 0,1:02:47.98,1:02:50.42,Default,,0000,0000,0000,,and how many days the\Nsystem is not updated.
Dialogue: 0,1:02:50.42,1:02:54.92,Default,,0000,0000,0000,,That is the most important risk\Nin anything, whenever the IDS--
Dialogue: 0,1:02:54.92,1:02:58.93,Default,,0000,0000,0000,,because when a signature-based\NIDS is looking for patterns
Dialogue: 0,1:02:58.93,1:03:01.63,Default,,0000,0000,0000,,and the pattern is not\Nrecently updated for a recent
Dialogue: 0,1:03:01.63,1:03:03.68,Default,,0000,0000,0000,,vulnerability, what happens?
Dialogue: 0,1:03:03.68,1:03:06.55,Default,,0000,0000,0000,,Your system is as good\Nas it is not protected.
Dialogue: 0,1:03:06.55,1:03:10.48,Default,,0000,0000,0000,,Whenever you are reading\Nthis answer reasoning, even
Dialogue: 0,1:03:10.48,1:03:13.51,Default,,0000,0000,0000,,in the CRM, even in the\Nquestion and answers bank,
Dialogue: 0,1:03:13.51,1:03:16.70,Default,,0000,0000,0000,,I request you all to read\Nall the four options,
Dialogue: 0,1:03:16.70,1:03:18.64,Default,,0000,0000,0000,,why it is correct,\Nwhy it is not correct,
Dialogue: 0,1:03:18.64,1:03:20.54,Default,,0000,0000,0000,,and to get familiarized.
Dialogue: 0,1:03:20.54,1:03:24.43,Default,,0000,0000,0000,,Say for an example, in this, the\Ncomplete irrelevant option is B.
Dialogue: 0,1:03:24.43,1:03:26.50,Default,,0000,0000,0000,,But they have given\Na good information
Dialogue: 0,1:03:26.50,1:03:28.96,Default,,0000,0000,0000,,on a demilitarized zone or DMZ.
Dialogue: 0,1:03:28.96,1:03:31.18,Default,,0000,0000,0000,,So this can be used in\Nsome other question, which
Dialogue: 0,1:03:31.18,1:03:34.21,Default,,0000,0000,0000,,might be all dealing with DMZ.
Dialogue: 0,1:03:34.21,1:03:35.93,Default,,0000,0000,0000,,Let me move on to\Nthe next question.
Dialogue: 0,1:03:35.93,1:03:38.80,Default,,0000,0000,0000,,An IS auditor has just completed\Na review of organization
Dialogue: 0,1:03:38.80,1:03:42.40,Default,,0000,0000,0000,,that has mainframe computer\Nand two database servers where
Dialogue: 0,1:03:42.40,1:03:44.21,Default,,0000,0000,0000,,all the production data reside.
Dialogue: 0,1:03:44.21,1:03:45.88,Default,,0000,0000,0000,,Which one of the\Nfollowing weakness
Dialogue: 0,1:03:45.88,1:03:50.44,Default,,0000,0000,0000,,should the IS auditor be\Nconsidered the most serious?
Dialogue: 0,1:03:50.44,1:03:53.39,Default,,0000,0000,0000,,The security officer also serves\Nas a database administrator.
Dialogue: 0,1:03:53.39,1:03:54.97,Default,,0000,0000,0000,,Password controls\Nare not administered
Dialogue: 0,1:03:54.97,1:03:56.54,Default,,0000,0000,0000,,over 2 database servers.
Dialogue: 0,1:03:56.54,1:03:59.42,Default,,0000,0000,0000,,There is no business continuity\Nplan for the mainframe system's
Dialogue: 0,1:03:59.42,1:04:01.06,Default,,0000,0000,0000,,non-critical applications.
Dialogue: 0,1:04:01.06,1:04:05.18,Default,,0000,0000,0000,,Most local data networks do\Nnot have backup file server
Dialogue: 0,1:04:05.18,1:04:06.59,Default,,0000,0000,0000,,fixed disk regularly.
Dialogue: 0,1:04:06.59,1:04:09.40,Default,,0000,0000,0000,,
Dialogue: 0,1:04:09.40,1:04:11.83,Default,,0000,0000,0000,,So the correct answer\Nis B, password controls
Dialogue: 0,1:04:11.83,1:04:16.36,Default,,0000,0000,0000,,are not administered over\Ntwo database servers.
Dialogue: 0,1:04:16.36,1:04:18.79,Default,,0000,0000,0000,,So the absence of password\Ncontrols on the two database
Dialogue: 0,1:04:18.79,1:04:20.74,Default,,0000,0000,0000,,servers, where the\Nproduction data resides,
Dialogue: 0,1:04:20.74,1:04:21.62,Default,,0000,0000,0000,,is the most critical.
Dialogue: 0,1:04:21.62,1:04:25.30,Default,,0000,0000,0000,,Because again, this question\Ntalks about the most.
Dialogue: 0,1:04:25.30,1:04:27.47,Default,,0000,0000,0000,,There are two options,\Nwhich is correct, of course.
Dialogue: 0,1:04:27.47,1:04:29.86,Default,,0000,0000,0000,,And what you need to\Nlook for is the one
Dialogue: 0,1:04:29.86,1:04:35.09,Default,,0000,0000,0000,,which is most apt given the\Nsituation and the scenario.
Dialogue: 0,1:04:35.09,1:04:38.05,Default,,0000,0000,0000,,So let me go on to\Nthe next question.
Dialogue: 0,1:04:38.05,1:04:40.66,Default,,0000,0000,0000,,The insurance company is using\Nthe public cloud computing
Dialogue: 0,1:04:40.66,1:04:43.94,Default,,0000,0000,0000,,for one of its critical\Napplications to reduce the cost.
Dialogue: 0,1:04:43.94,1:04:46.24,Default,,0000,0000,0000,,Which of the following\Nwould be the most
Dialogue: 0,1:04:46.24,1:04:48.35,Default,,0000,0000,0000,,concern to the IS auditor?
Dialogue: 0,1:04:48.35,1:04:49.99,Default,,0000,0000,0000,,The inability to\Nrecover the service
Dialogue: 0,1:04:49.99,1:04:51.86,Default,,0000,0000,0000,,in a major technical\Nfailure scenario.
Dialogue: 0,1:04:51.86,1:04:54.19,Default,,0000,0000,0000,,The data in shared\Nenvironment being
Dialogue: 0,1:04:54.19,1:04:56.29,Default,,0000,0000,0000,,accessed by other companies.
Dialogue: 0,1:04:56.29,1:04:58.82,Default,,0000,0000,0000,,The service provider not\Nincluding investigative support
Dialogue: 0,1:04:58.82,1:04:59.58,Default,,0000,0000,0000,,for incidents.
Dialogue: 0,1:04:59.58,1:05:02.20,Default,,0000,0000,0000,,The long-term viability of the\Nservice if the provider goes out
Dialogue: 0,1:05:02.20,1:05:02.76,Default,,0000,0000,0000,,of business.
Dialogue: 0,1:05:02.76,1:05:06.04,Default,,0000,0000,0000,,
Dialogue: 0,1:05:06.04,1:05:10.02,Default,,0000,0000,0000,,So that is actually\Nthe correct answer.
Dialogue: 0,1:05:10.02,1:05:11.56,Default,,0000,0000,0000,,Considering that an\Ninsurance company
Dialogue: 0,1:05:11.56,1:05:15.01,Default,,0000,0000,0000,,must preserve the privacy and\Nconfidentiality of the customer
Dialogue: 0,1:05:15.01,1:05:17.92,Default,,0000,0000,0000,,information, unauthorized access\Nto the information and the data
Dialogue: 0,1:05:17.92,1:05:21.82,Default,,0000,0000,0000,,leakage are the\Ntwo major concerns.
Dialogue: 0,1:05:21.82,1:05:23.02,Default,,0000,0000,0000,,The next question.
Dialogue: 0,1:05:23.02,1:05:26.21,Default,,0000,0000,0000,,Which one of the\Nfollowing best determines
Dialogue: 0,1:05:26.21,1:05:28.42,Default,,0000,0000,0000,,whether the complete encryption\Nor the authentication
Dialogue: 0,1:05:28.42,1:05:30.34,Default,,0000,0000,0000,,protocol for\Nprotecting information
Dialogue: 0,1:05:30.34,1:05:33.49,Default,,0000,0000,0000,,while being transmitted exist?
Dialogue: 0,1:05:33.49,1:05:36.20,Default,,0000,0000,0000,,A digital signature with the\NRSA that has been implemented.
Dialogue: 0,1:05:36.20,1:05:38.64,Default,,0000,0000,0000,,Work has been done in\Nthe tunnel mode nested
Dialogue: 0,1:05:38.64,1:05:40.81,Default,,0000,0000,0000,,with the services of AH,\Nwhich is the authentication
Dialogue: 0,1:05:40.81,1:05:43.72,Default,,0000,0000,0000,,header, and encapsulating\Nsecurity payload, which
Dialogue: 0,1:05:43.72,1:05:45.01,Default,,0000,0000,0000,,is the ESP.
Dialogue: 0,1:05:45.01,1:05:47.53,Default,,0000,0000,0000,,Digital certificates\Nwith the RSA being used.
Dialogue: 0,1:05:47.53,1:05:50.83,Default,,0000,0000,0000,,Work is being done in transport\Nmode of the nested services
Dialogue: 0,1:05:50.83,1:05:53.23,Default,,0000,0000,0000,,of AH and ESP.
Dialogue: 0,1:05:53.23,1:05:56.95,Default,,0000,0000,0000,,Quite a tricky technical\Nquestion, I would say.
Dialogue: 0,1:05:56.95,1:06:00.79,Default,,0000,0000,0000,,And to remind you, I\Nhave studied these things
Dialogue: 0,1:06:00.79,1:06:03.70,Default,,0000,0000,0000,,quite cumbersomely\Nbecause I didn't even
Dialogue: 0,1:06:03.70,1:06:06.40,Default,,0000,0000,0000,,understand a single word when\NI was doing it the first time.
Dialogue: 0,1:06:06.40,1:06:09.37,Default,,0000,0000,0000,,Transport mode, tunnel\Nmode, everything
Dialogue: 0,1:06:09.37,1:06:11.31,Default,,0000,0000,0000,,was Greek and Latin for me.
Dialogue: 0,1:06:11.31,1:06:14.38,Default,,0000,0000,0000,,
Dialogue: 0,1:06:14.38,1:06:15.73,Default,,0000,0000,0000,,B is the correct answer.
Dialogue: 0,1:06:15.73,1:06:18.19,Default,,0000,0000,0000,,Tunnel mode provides\Nencryption and authentication
Dialogue: 0,1:06:18.19,1:06:22.45,Default,,0000,0000,0000,,of complete IP package,\Nincluding the authentication
Dialogue: 0,1:06:22.45,1:06:25.81,Default,,0000,0000,0000,,header and the encapsulating\Nsecurity payload, which is ESP.
Dialogue: 0,1:06:25.81,1:06:30.97,Default,,0000,0000,0000,,For transport mode provides\Nonly at higher layers, like data
Dialogue: 0,1:06:30.97,1:06:33.26,Default,,0000,0000,0000,,fields and the payload\Nof an IP package.
Dialogue: 0,1:06:33.26,1:06:35.63,Default,,0000,0000,0000,,So those are the\Ntwo differences.
Dialogue: 0,1:06:35.63,1:06:38.77,Default,,0000,0000,0000,,Actually, as I told,\Na digital certificate
Dialogue: 0,1:06:38.77,1:06:40.75,Default,,0000,0000,0000,,provides only the\Nauthentication and integrity,
Dialogue: 0,1:06:40.75,1:06:42.73,Default,,0000,0000,0000,,does not provide\Nanything beyond that.
Dialogue: 0,1:06:42.73,1:06:46.10,Default,,0000,0000,0000,,And whenever you see any digital\Nsignature versus encryption,
Dialogue: 0,1:06:46.10,1:06:50.11,Default,,0000,0000,0000,,I think digital certificate\Nis only to provide
Dialogue: 0,1:06:50.11,1:06:50.93,Default,,0000,0000,0000,,an authentication.
Dialogue: 0,1:06:50.93,1:06:52.39,Default,,0000,0000,0000,,It doesn't provide\Nany other thing.
Dialogue: 0,1:06:52.39,1:06:54.35,Default,,0000,0000,0000,,It doesn't provide\Neven confidentiality.
Dialogue: 0,1:06:54.35,1:06:57.01,Default,,0000,0000,0000,,It doesn't provide\Nany availability
Dialogue: 0,1:06:57.01,1:06:59.95,Default,,0000,0000,0000,,or any of the things.
Dialogue: 0,1:06:59.95,1:07:03.97,Default,,0000,0000,0000,,Which one of the following\Ncharacterizes distributed denial
Dialogue: 0,1:07:03.97,1:07:06.22,Default,,0000,0000,0000,,of service attack, DDoS?
Dialogue: 0,1:07:06.22,1:07:09.46,Default,,0000,0000,0000,,Central initiation of\Nintermediary computers
Dialogue: 0,1:07:09.46,1:07:12.40,Default,,0000,0000,0000,,to detect simultaneous attacks,\Nsurplus message traffic
Dialogue: 0,1:07:12.40,1:07:14.02,Default,,0000,0000,0000,,and specified target site.
Dialogue: 0,1:07:14.02,1:07:16.63,Default,,0000,0000,0000,,Local initiation of\Nintermediary computers
Dialogue: 0,1:07:16.63,1:07:19.54,Default,,0000,0000,0000,,to detect simultaneous and\Nspurious of message traffic
Dialogue: 0,1:07:19.54,1:07:21.25,Default,,0000,0000,0000,,at specific target site.
Dialogue: 0,1:07:21.25,1:07:23.56,Default,,0000,0000,0000,,Central initiation\Nof primary computer
Dialogue: 0,1:07:23.56,1:07:28.03,Default,,0000,0000,0000,,to detect spurious message\Ntraffic at multiple sites.
Dialogue: 0,1:07:28.03,1:07:33.01,Default,,0000,0000,0000,,And local initiation of\Nintermediary computers to direct
Dialogue: 0,1:07:33.01,1:07:36.61,Default,,0000,0000,0000,,staggered spurious\Nmessage traffic
Dialogue: 0,1:07:36.61,1:07:38.03,Default,,0000,0000,0000,,at a specific target site.
Dialogue: 0,1:07:38.03,1:07:40.90,Default,,0000,0000,0000,,
Dialogue: 0,1:07:40.90,1:07:42.83,Default,,0000,0000,0000,,Again, this is a\Nconfusing question,
Dialogue: 0,1:07:42.83,1:07:44.10,Default,,0000,0000,0000,,but the answer is very simple.
Dialogue: 0,1:07:44.10,1:07:48.64,Default,,0000,0000,0000,,
Dialogue: 0,1:07:48.64,1:07:51.13,Default,,0000,0000,0000,,That is the correct\Nanswer as well.
Dialogue: 0,1:07:51.13,1:07:53.50,Default,,0000,0000,0000,,So what happens with\Nthe DDoS attack is
Dialogue: 0,1:07:53.50,1:07:58.75,Default,,0000,0000,0000,,that one controller system\Nor one primary system
Dialogue: 0,1:07:58.75,1:08:01.98,Default,,0000,0000,0000,,will be controlling so\Nmany zombie computers,
Dialogue: 0,1:08:01.98,1:08:04.80,Default,,0000,0000,0000,,and the administrator will\Nlaunch an attack on these zombie
Dialogue: 0,1:08:04.80,1:08:07.95,Default,,0000,0000,0000,,computers, will start sending\Npackets to the primary target.
Dialogue: 0,1:08:07.95,1:08:11.04,Default,,0000,0000,0000,,And by flooding their\Ntraffic, and they will
Dialogue: 0,1:08:11.04,1:08:12.31,Default,,0000,0000,0000,,be having some kind of issue.
Dialogue: 0,1:08:12.31,1:08:16.30,Default,,0000,0000,0000,,Say for an example, if Amazon is\Nputting a Independence Day sale,
Dialogue: 0,1:08:16.30,1:08:20.32,Default,,0000,0000,0000,,I want to affect this sales\Nby targeting their servers.
Dialogue: 0,1:08:20.32,1:08:22.74,Default,,0000,0000,0000,,I can launch this attack\Nusing the zombie computers,
Dialogue: 0,1:08:22.74,1:08:25.48,Default,,0000,0000,0000,,and they will attack on\Nbehalf of [INAUDIBLE],
Dialogue: 0,1:08:25.48,1:08:27.85,Default,,0000,0000,0000,,and I will be controlling\Nthe zombie computers.
Dialogue: 0,1:08:27.85,1:08:31.12,Default,,0000,0000,0000,,And what happens\Nnext is God knows.
Dialogue: 0,1:08:31.12,1:08:34.39,Default,,0000,0000,0000,,So again, our DDoS attacks\Nare not locally initiated.
Dialogue: 0,1:08:34.39,1:08:35.35,Default,,0000,0000,0000,,They are not staggered.
Dialogue: 0,1:08:35.35,1:08:39.27,Default,,0000,0000,0000,,They are not initiated\Nusing a primary computer.
Dialogue: 0,1:08:39.27,1:08:43.23,Default,,0000,0000,0000,,So last question for this\Nday, which of the following
Dialogue: 0,1:08:43.23,1:08:45.73,Default,,0000,0000,0000,,is the most effective\Npreventive antivirus control?
Dialogue: 0,1:08:45.73,1:08:46.60,Default,,0000,0000,0000,,Scanning the emails.
Dialogue: 0,1:08:46.60,1:08:47.85,Default,,0000,0000,0000,,Attachment on the mail server.
Dialogue: 0,1:08:47.85,1:08:50.59,Default,,0000,0000,0000,,Restoring the systems\Nfrom clean copies.
Dialogue: 0,1:08:50.59,1:08:54.06,Default,,0000,0000,0000,,Disabling universal serial\Nbus ports, which is the USB.
Dialogue: 0,1:08:54.06,1:08:57.03,Default,,0000,0000,0000,,An online antivirus scan\Nwith up-to-date antivirus
Dialogue: 0,1:08:57.03,1:09:00.17,Default,,0000,0000,0000,,definitions.
Dialogue: 0,1:09:00.17,1:09:04.73,Default,,0000,0000,0000,,Correct answer is actually\ND. But why not C. B and D?
Dialogue: 0,1:09:04.73,1:09:06.84,Default,,0000,0000,0000,,It is completely irrelevant.
Dialogue: 0,1:09:06.84,1:09:09.65,Default,,0000,0000,0000,,It doesn't talk anything\Nabout antivirus or anything
Dialogue: 0,1:09:09.65,1:09:12.20,Default,,0000,0000,0000,,because it's just\Nrestoring systems
Dialogue: 0,1:09:12.20,1:09:16.71,Default,,0000,0000,0000,,from clean copies, which is\Nmost baseline thing that we do.
Dialogue: 0,1:09:16.71,1:09:19.10,Default,,0000,0000,0000,,And disabling USB.
Dialogue: 0,1:09:19.10,1:09:23.33,Default,,0000,0000,0000,,I think disabling USB should\Nbe an incorrect option again.
Dialogue: 0,1:09:23.33,1:09:26.72,Default,,0000,0000,0000,,You can disable the\NUSB, but still system
Dialogue: 0,1:09:26.72,1:09:32.51,Default,,0000,0000,0000,,can read the USB file when\Nit is having [INAUDIBLE].
Dialogue: 0,1:09:32.51,1:09:35.30,Default,,0000,0000,0000,,So D would be the most\Nappropriate answer
Dialogue: 0,1:09:35.30,1:09:39.29,Default,,0000,0000,0000,,for this one because of the\Nfact that antivirus can be
Dialogue: 0,1:09:39.29,1:09:40.97,Default,,0000,0000,0000,,used to prevent virus attacks.
Dialogue: 0,1:09:40.97,1:09:42.61,Default,,0000,0000,0000,,By running regular\Nscans, it can also
Dialogue: 0,1:09:42.61,1:09:44.78,Default,,0000,0000,0000,,be used to detect virus\Ninfections that have already
Dialogue: 0,1:09:44.78,1:09:45.71,Default,,0000,0000,0000,,been occurred.
Dialogue: 0,1:09:45.71,1:09:47.15,Default,,0000,0000,0000,,Regular updates\Nof the software is
Dialogue: 0,1:09:47.15,1:09:50.81,Default,,0000,0000,0000,,required to ensure it is able\Nto update, detect and correct
Dialogue: 0,1:09:50.81,1:09:52.49,Default,,0000,0000,0000,,viruses as they emerge.
Dialogue: 0,1:09:52.49,1:09:55.10,Default,,0000,0000,0000,,So again, the important\Nthing that you need to know
Dialogue: 0,1:09:55.10,1:09:57.74,Default,,0000,0000,0000,,is that the signature-based\Nsystem, as always,
Dialogue: 0,1:09:57.74,1:09:59.46,Default,,0000,0000,0000,,it should be kept up to date.
Dialogue: 0,1:09:59.46,1:10:01.68,Default,,0000,0000,0000,,But not a heuristic--
Dialogue: 0,1:10:01.68,1:10:04.62,Default,,0000,0000,0000,,not a knowledge-based system.
Dialogue: 0,1:10:04.62,1:10:06.47,Default,,0000,0000,0000,,Sometimes you'll be\Nhaving a conflict
Dialogue: 0,1:10:06.47,1:10:10.04,Default,,0000,0000,0000,,between heuristic and\Nsignature-based and all
Dialogue: 0,1:10:10.04,1:10:10.97,Default,,0000,0000,0000,,those stuffs.
Dialogue: 0,1:10:10.97,1:10:13.50,Default,,0000,0000,0000,,You need to be very clear\Nwhich system talks about what.
Dialogue: 0,1:10:13.50,1:10:17.37,Default,,0000,0000,0000,,Because some systems, like IDPs,\Nwhich talks about the anomalies,
Dialogue: 0,1:10:17.37,1:10:20.21,Default,,0000,0000,0000,,it will not talk about\Nsystem signature.
Dialogue: 0,1:10:20.21,1:10:22.14,Default,,0000,0000,0000,,It will talk about\Nonly the anomalies.
Dialogue: 0,1:10:22.14,1:10:23.96,Default,,0000,0000,0000,,Say for an example,\Nthese anomalies
Dialogue: 0,1:10:23.96,1:10:26.90,Default,,0000,0000,0000,,will be studied\Nfor certain dates
Dialogue: 0,1:10:26.90,1:10:29.49,Default,,0000,0000,0000,,so that the regular\Ntraffic will be like this.
Dialogue: 0,1:10:29.49,1:10:31.37,Default,,0000,0000,0000,,And anything beyond\Nthis regular traffic
Dialogue: 0,1:10:31.37,1:10:34.04,Default,,0000,0000,0000,,will be flagged as\Nincorrect traffic
Dialogue: 0,1:10:34.04,1:10:35.46,Default,,0000,0000,0000,,or the non-relevant traffic.
Dialogue: 0,1:10:35.46,1:10:38.76,Default,,0000,0000,0000,,And it will be quarantined,\Nand it will not
Dialogue: 0,1:10:38.76,1:10:40.38,Default,,0000,0000,0000,,be allowed, intrusion\Ndetection system.
Dialogue: 0,1:10:40.38,1:10:42.71,Default,,0000,0000,0000,,And sometimes it can be\Nprevented from entering
Dialogue: 0,1:10:42.71,1:10:44.27,Default,,0000,0000,0000,,our servers as well.
Dialogue: 0,1:10:44.27,1:10:47.99,Default,,0000,0000,0000,,So that brings me to\Nthe end of this session.
Dialogue: 0,1:10:47.99,1:10:49.08,Default,,0000,0000,0000,,Thanks a lot everybody.
Dialogue: 0,1:10:49.08,1:10:50.70,Default,,0000,0000,0000,,I'll wind up the session.
Dialogue: 0,1:10:50.70,1:10:53.55,Default,,0000,0000,0000,,Thank you for your patience\Nand listening to me.
Dialogue: 0,1:10:53.55,1:10:55.59,Default,,0000,0000,0000,,And it was a very\Nfruitful session.
Dialogue: 0,1:10:55.59,1:10:57.82,Default,,0000,0000,0000,,I appreciate.