CISA Certified Information Systems Auditor – Question1393

An IS auditor finds that a required security patch was not installed on a critical server for more than 6 months. The NEXT course of action should be to:

A.
determine the root cause of the delay.
B. review patch management procedures.
C. request the patch be installed as soon as possible.
D. notify senior management of audit findings.

Correct Answer: B