What should be the auditor’s FIRST action?

Posted by: Pdfprep Category: CISA Tags: , ,

During an audit of the organization’s data privacy policy, the IS auditor identified that only some IT application databases have encryption in place.

What should be the auditor’s FIRST action?
A . Assess the resources required to implement encryption to unencrypted databases.
B . Review the most recent database penetration testing results.
C . Determine whether compensating controls are in place.
D . Review a comprehensive list of databases with the information they contain.

Answer: C

Leave a Reply

Your email address will not be published.