CISA Certified Information Systems Auditor – Question1183

During an annual security review of an organization’s servers, it was found that the customer service team’s file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?

A.
Report the situation to the data owner.
B. Remove access privileges to the folder containing the data.
C. Train the customer service team on properly controlling file permissions.
D. Isolate the server from the network.

Correct Answer: A