CISA Certified Information Systems Auditor – Question0813

An emergency change was made to an IT system as a result of a failure. Which of the following should be of GREATEST concern to the organization’s information security manager?

A.
The operations team implemented the change without regression testing.
B. The change did not include a proper assessment of risk.
C. Documentation of the change was made after implementation.
D. The information security manager did not review the change prior to implementation.

Correct Answer: B