Are you studying for the CISSP certification?
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
During an application access control review for a mission-critical application an IT auditor identifies a high number of users with privileged access. The finding is reported to the IT administrator, who states that management has approved the access and that the personnel who have the access need it. What is the most effective response for the IT auditor?
Discuss the finding with senior management.
Recommend an immediate update to the procedures.
Determine whether compensating controls are in place.
Document the finding in the audit report.
An excessive number of users with privileged access is not necessarily an issue if compensating controls are in place. An IS auditor should gather additional information before presenting the situation in the report. An update to procedures would not address a potential weakness in logical security and may not be feasible if individuals are required to have this access to perform their jobs. The IS auditor should gather additional information before reporting the item to senior management.
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.