Which of the following audit responses is correct in this situation?

An IS auditor reviewing the use of encryption finds that the symmetric key is sent by an email message between the parties.

Which of the following audit responses is correct in this situation?
A . An audit finding is recorded, as the key should be asymmetric and therefore changed.
B . No audit finding is recorded, as it is normal to distribute a key of this nature in this manner.
C . No audit finding is recorded, as the key can only be used once.
D . An audit finding is recorded as the key should be distributed in a secure manner.

View Answer

Answer: D