The traditional set of IS responsibilities includes all of the following except:

If financial statements are to meet the requirements of adequate disclosure,

a. All information pertaining to the company must be disclosed in the statements or related notes, even though some of the disclosures are potentially detrimental to the company or its shareholders b. All information believed by the auditor to be essential to the fair presentation of the financial statements must be disclosed, no matter how confidential management believes the data to be c. Statement notes should be written in very technical language to avoid misinterpretation by the reader d. A statement note must clearly detail any deficiencies contained in the financial statements themselves

Which of the following preventive controls are necessary to provide adequate security for social engineering threats?

A) Controlling physical access. B) Encryption. C) Profiling. D) Awareness training.