CISA Certified Information Systems Auditor – Question0414

Which of the following observations noted during a review of the organization’s social media practices should be of MOST concern to the IS auditor?

A.
The organization does not require approval for social media posts.
B. More than one employee is authorized to publish on social media on behalf of the organization.
C. Not all employees using social media have attended the security awareness program.
D. The organization does not have a documented social media policy.

Correct Answer: D