CISA Certified Information Systems Auditor – Question1775

Default permit is only a good approach in an environment where:

A. security threats are non-existent or negligible.
B. security threats are non-negligible.
C. security threats are serious and severe.
D. users are trained.
E. None of the choices.

Correct Answer: A

Explanation:

“Everything not explicitly permitted is forbidden” (default deny) improves security at a cost in functionality. This is a good approach if you have lots of security threats. On the other hand, “Everything not explicitly forbidden is permitted” (default permit) allows greater functionality by sacrificing security. This is only a good approach in an environment where security threats are non-existent or negligible.