CISA Certified Information Systems Auditor – Question 1969

An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor’s BEST recommendation would be to:

A. recruit more monitoring personnel.
B. fine-tune the intrusion detection system (IDS).
C. reduce the firewall rules.
D. establish criteria for reviewing alerts.

Correct Answer: D