Which of the following statements correctly describes the difference between tunnel mode and transport
mode of the IPSec protocol?
Correct Answer: A
Section: Protection of Information Assets
Explanation/Reference:
ESP can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-
replay service (a form of partial sequence integrity), and (limited) traffic flow confidentiality. The set of
services provided depends on options selected at the time of Security Association (SA) establishment and
on the location of the implementation in a network topology. For your exam you should know the
information below about the IPSec protocol:
IPSec is a network (IP) layer security protocol that establishes VPNs in one of two modes, transport or
tunnel.
In transport mode only the data portion of each IP packet (the transport-layer segment) is encrypted; the
original IP header is left in the clear, so the real source and destination addresses remain visible on the
wire. Encryption within IPSec is performed by the Encapsulating Security Payload (ESP), and it is ESP that
provides confidentiality. Transport mode is typically used host-to-host.
In tunnel mode the entire original IP packet, its header included, becomes the ESP payload and is encrypted;
a new outer IP header is added carrying the addresses of the tunnel endpoints (usually security gateways),
so the original addresses are hidden. Tunnel mode is used gateway-to-gateway and for remote-access clients.
ESP can also provide data origin authentication and integrity when an integrity algorithm is selected. The
separate Authentication Header (AH) provides integrity and data origin authentication for the packet,
including the outer IP header fields that do not change in transit, but no confidentiality. Neither ESP nor
AH provides non-repudiation: their integrity check values are computed with symmetric keys shared by both
peers, so either peer could have produced them.
In either mode, Security Associations (SAs) are established before protected traffic flows. An SA is a
one-way relationship that defines which security parameters apply between the communicating parties: the
protocol (ESP or AH), the mode, the encryption and integrity algorithms, the keys and their lifetimes, and the
anti-replay window. Because an SA is one-way, two-way traffic needs one SA in each direction. Each SA is
identified by a 32-bit Security Parameter Index (SPI) that the sending host places in the ESP or AH header;
the receiving host uses the SPI (together with the destination address and the protocol) to look up which
SA, and therefore which parameters, to apply to an incoming packet.
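The framing difference between the two modes described above, together with the SPI lookup and the anti-replay check performed under an SA, as an added Python example that is not part of the original question or of the CISA Review Manual. It lays out the RFC 4303 ESP packet (SPI and sequence number in the clear, IV, encrypted payload with padding, pad length and Next Header, then an HMAC-SHA-256-128 integrity check value) around a constructed TCP-like packet in both modes, and shows what a passive observer can still read in each. The addresses, keys, SPI value and the counter-mode HMAC keystream that stands in for AES are all assumptions for illustration only; the keystream is not an IPsec cipher and must not be used for real traffic.

```python
import hashlib
import hmac
import ipaddress
import struct

ESP_PROTO = 50      # IP protocol number carried in the outer IP header for ESP
IP_IN_IP = 4        # ESP Next Header value for an encapsulated IPv4 packet (tunnel mode)
PROTO_TCP = 6
ICV_LEN = 16        # HMAC-SHA-256-128 (RFC 4868): first 128 bits of the HMAC
REPLAY_WINDOW = 64  # assumed anti-replay window size (RFC 4303 minimum is 32)


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    csum = sum(struct.unpack("!10H", hdr))
    csum = (csum & 0xFFFF) + (csum >> 16)
    csum = (csum & 0xFFFF) + (csum >> 16)  # fold a possible second carry
    return hdr[:10] + struct.pack("!H", ~csum & 0xFFFF) + hdr[12:]


def parse_ipv4(pkt):
    """Return src, dst, protocol and payload of an IPv4 packet."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "payload": pkt[ihl:total_len]}


def keystream(key, iv, n):
    """Counter-mode PRF keystream. HMAC-SHA256 stands in for AES here (assumption, not an IPsec cipher)."""
    blocks = [hmac.new(key, iv + struct.pack("!I", i), hashlib.sha256).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class SA:
    """One-way Security Association: the SPI plus the keys and per-direction state agreed for it."""
    def __init__(self, spi, enc_key, auth_key):
        self.spi, self.enc_key, self.auth_key = spi, enc_key, auth_key
        self.seq = 0        # sender side: last sequence number sent
        self.highest = 0    # receiver side: highest sequence number accepted so far
        self.seen = set()   # receiver side: accepted sequence numbers inside the window


def esp_encapsulate(sa, inner, mode, gw_src=None, gw_dst=None):
    """Protect an IPv4 packet with ESP and return the packet as sent on the wire."""
    ip = parse_ipv4(inner)
    if mode == "transport":
        protected, next_header = ip["payload"], ip["proto"]  # only the payload is hidden
        outer_src, outer_dst = ip["src"], ip["dst"]            # original addresses stay visible
    elif mode == "tunnel":
        protected, next_header = inner, IP_IN_IP               # the whole original packet is hidden
        outer_src, outer_dst = gw_src, gw_dst                  # new outer header names the gateways
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    sa.seq += 1
    esp_hdr = struct.pack("!II", sa.spi, sa.seq)               # SPI + sequence number, sent in clear
    iv = struct.pack("!Q", sa.seq)                             # unique per SA because seq never repeats
    pad_len = (-(len(protected) + 2)) % 4                      # RFC 4303: align trailer to 4 bytes
    plaintext = protected + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = esp_hdr + iv + xor(plaintext, keystream(sa.enc_key, iv, len(plaintext)))
    icv = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4_header(outer_src, outer_dst, ESP_PROTO, len(body) + ICV_LEN) + body + icv


def esp_decapsulate(sa, wire):
    """Match the SPI, check anti-replay, verify the ICV, then decrypt (the RFC 4303 receiver order)."""
    outer = parse_ipv4(wire)
    if outer["proto"] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    body, icv = outer["payload"][:-ICV_LEN], outer["payload"][-ICV_LEN:]
    spi, seq = struct.unpack("!II", body[:8])
    if spi != sa.spi:
        raise ValueError("no SA for SPI 0x%08x" % spi)
    if seq in sa.seen or seq + REPLAY_WINDOW <= sa.highest:
        raise ValueError("replayed or stale sequence number %d" % seq)
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet altered or wrong key")
    sa.seen.add(seq)                       # window is updated only after the ICV verifies
    sa.highest = max(sa.highest, seq)
    iv, ciphertext = body[8:16], body[16:]
    plaintext = xor(ciphertext, keystream(sa.enc_key, iv, len(ciphertext)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return next_header, plaintext[:len(plaintext) - 2 - pad_len]


def demo():
    """Constructed sample: a TCP segment 10.0.0.5 -> 10.0.1.9 protected host-to-host (transport) and
    gateway-to-gateway between 203.0.113.1 and 198.51.100.1 (tunnel). All values are made up."""
    segment = b"\x04\xd2\x00\x50GET / HTTP/1.0\r\n"         # constructed TCP-like payload
    inner = ipv4_header("10.0.0.5", "10.0.1.9", PROTO_TCP, len(segment)) + segment
    results = {}
    for mode in ("transport", "tunnel"):
        sender, receiver = SA(0x1000, b"k" * 32, b"a" * 32), SA(0x1000, b"k" * 32, b"a" * 32)
        wire = esp_encapsulate(sender, inner, mode, "203.0.113.1", "198.51.100.1")
        outer = parse_ipv4(wire)
        next_header, recovered = esp_decapsulate(receiver, wire)
        try:
            esp_decapsulate(receiver, wire)                    # same packet again: must be refused
            replay_rejected = False
        except ValueError:
            replay_rejected = True
        results[mode] = {
            "outer_src": outer["src"], "outer_dst": outer["dst"],
            "inner_addresses_visible": ipaddress.IPv4Address("10.0.0.5").packed in wire,
            "payload_visible": b"GET /" in wire,
            "next_header": next_header,
            "recovered_ok": recovered == (segment if mode == "transport" else inner),
            "replay_rejected": replay_rejected,
        }
    return results


if __name__ == "__main__":
    for mode, r in demo().items():
        print(mode, r)
```

Running it shows the point of the question directly: in transport mode the outer header still reads 10.0.0.5 to 10.0.1.9 and only the segment is hidden, while in tunnel mode the wire shows nothing but the two gateway addresses and the original header travels inside the ciphertext with Next Header 4. The same receiver refuses a replayed packet in both modes, which is the anti-replay service the SA's sequence number provides.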
Rather than configuring static keys by hand, SAs are normally negotiated with the Internet Key Exchange
(IKE), which is built on the Internet Security Association and Key Management Protocol and the Oakley key
determination protocol (ISAKMP/Oakley). IKE brings asymmetric cryptography into IPSec: it authenticates the
peers with pre-shared keys or digital certificates, derives fresh session keys with an authenticated
Diffie-Hellman exchange, and handles the negotiation, establishment, modification and deletion of SAs and
their attributes. Automated key management makes the connection more secure than manual keying because
keys are generated per session and rotated when an SA's lifetime expires, instead of a single long-lived key
being shared between the peers.
The following were incorrect answers:
The other options are incorrect because in transport mode ESP encrypts only the packet payload and leaves
the original IP header in the clear, whereas in tunnel mode the whole original packet, including its IP
header, is encrypted and a new outer IP header is added.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, page 353