Section: Protection of Information Assets
Explanation:
Reporting can take the forms of verbal presentation, an issue paper or a written audit report summarizing observations and management's responses. After agreement is reached on the observations, a final report can be issued.

Section: Protection of Information Assets
Explanation:
Implementing risk management, as one of the outcomes of effective information security governance,
would require a collective understanding of the organization's threat, vulnerability and risk profile as a first
step. Based on this, an understanding of risk exposure and potential consequences of compromise could
be determined. Risk management priorities based on potential consequences could then be developed.
This would provide a basis for the formulation of strategies for risk mitigation sufficient to keep the
consequences from risk at an acceptable level.

Explanation/Reference:
Explanation:
A digital certificate is an electronic document that declares a public key holder is who the holder claims to be. The certificates do handle data authentication as they are used to determine who sent a particular message. A certificate authority issues the digital certificates, and distributes, generates and manages public keys. A digital signature is used to ensure integrity of the message being sent and solve the nonrepudiation issue of message origination. The registration authority would perform most of the administrative tasks of a certificate authority, i.e., registration of the users of a digital signature plus authenticating the information that is put in the digital certificate.