Which of the following is a program evaluation review technique that considers different scenarios for planning and control projects?
Correct Answer: D
PERT is a program-evaluation review technique that considers different scenarios for planning and control projects.
Question 647
A hardware control that helps to detect errors when data are communicated from one computer to another is known as a:
Correct Answer: D
Section: Protection of Information Assets
Explanation: A parity check will help to detect data errors when data are read from memory or communicated from one computer to another. A one-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bits is odd or even. When the parity bit disagrees with the sum of the other bits, an error report is generated.
Question 648
Which of the following BEST contributes to the successful management of security incidents?
Correct Answer: B
Section: Information System Operations, Maintenance and Support
Question 649
When an intrusion into an organization network is detected, which of the following should be done FIRST?
Correct Answer: D
Explanation: The first thing that should be done when an intrusion into an organization network is detected is to identify nodes that have been compromised. Identifying nodes that have been compromised is a critical step in responding to an intrusion, as it helps determine the scope, impact, and source of the attack, and enables the implementation of appropriate containment and recovery measures. The other options are not the first things that should be done when an intrusion into an organization network is detected, as they may be premature or ineffective without identifying nodes that have been compromised. Blocking all compromised network nodes is a containment measure that can help isolate and prevent the spread of the attack, but it may not be possible or feasible without identifying nodes that have been compromised. Contacting law enforcement is a reporting measure that can help seek external assistance and comply with legal obligations, but it may not be necessary or appropriate without identifying nodes that have been compromised. Notifying senior management is a communication measure that can help inform and escalate the incident, but it may not be urgent or accurate without identifying nodes that have been compromised.
References: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.2
Question 650
What should an IS auditor do FIRST when a follow-up audit reveals some management action plans have not been initiated?
Correct Answer: C
The first thing that an IS auditor should do when a follow-up audit reveals some management action plans have not been initiated is to escalate the lack of plan completion to executive management. This is because the failure to implement the agreed management action plans may indicate that the management is not taking the audit findings and recommendations seriously, or that they are accepting too much risk by not addressing the identified issues. Escalating the lack of plan completion to executive management can help to raise awareness and accountability, as well as to seek support and intervention to ensure that the management action plans are executed in a timely and effective manner. Confirming whether the identified risks are still valid is not the first thing to do, although it may be a useful step to reassess the current situation and the potential impact of not implementing the management action plans. However, confirming the validity of the risks does not address the root cause of why the management action plans have not been initiated, nor does it provide any assurance or remediation for the unresolved issues. Providing a report to the audit committee is not the first thing to do, although it may be a necessary step to communicate and document the results of the follow-up audit. However, providing a report to the audit committee does not guarantee that the management action plans will be initiated, nor does it resolve any conflicts or challenges that may prevent the management from implementing them. Requesting an additional action plan review to confirm the findings is not the first thing to do, although it may be a prudent step to verify and validate the accuracy and completeness of the follow-up audit. However, requesting an additional review may delay or defer the implementation of the management action plans, as well as consume more internal audit resources and time