Are you studying for the CISSP certification?
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
What is the most effective step for an IT auditor to take when a review of access controls identifies that data owners are able to change access controls for a low-risk application?
Report this as an issue.
Not report this issue since discretionary access controls (DACs) are in place.
Recommend that mandatory access control (MAC) be implemented.
Report this finding to the data owners to verify whether it is an exception.
DAC allows data owners to modify access, which is a normal procedure and is a benefit of DAC. Recommending MAC is not correct because it is more appropriate for data owners to have DAC in a low-risk application. The use of DAC may not be an exception and, until confirmed, should not be reported as an issue. While an IS auditor may consult with data owners regarding whether this access is allowed normally, the IS auditor should not rely on the auditee to determine whether this is an issue.
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.