CISA Certified Information Systems Auditor – Question0382

An IS auditor has been asked to review an event log aggregation system to ensure risk management practices have been applied. Which of the following should be of MOST concern to the auditor?

A.
Completeness testing has not been performed on the log data.
B. Data encryption standards have not been considered.
C. Log feeds are uploaded via batch process.
D. The log data is not normalized.

Correct Answer: A