CISA Certified Information Systems Auditor – Question0588

An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. The information security manager’s BEST course of action should be to:

A.
modify the policy
B. present the risk to senior management
C. enforce the policy
D. create an exception for the deviation

Correct Answer: B