Which of the following should be of MOST concern to an IS auditor?
A. Lack of reporting of a successful attack on the network
B. Failure to notify police of an attempted intrusion
C. Lack of periodic examination of access rights
D. Lack of notification to the public of an intrusion
Answer: A
Explanation:
Not reporting an intrusion is equivalent to an IS auditor hiding a malicious intrusion, which would be a professional mistake. Although notification to the police may be required and the lack of a periodic examination of access rights might be a concern, they do not represent as big a concern as the failure to report the attack. Reporting to the public is not a requirement and is dependent on the organization’s desire, or lack thereof, to make the intrusion known.