An IS auditor finds that intellectual property is not being protected to the level specified in the organization’s data classification and protection policy. The business owner is aware of this issue and chooses to accept the risk. Which of the following is the auditor’s
BEST course of action?
A. Note the finding and request formal acceptance.
B. Include the finding in the follow-up audit.
C. Amend the data classification policy.
D. Form a committee and further investigate the issue.
BEST course of action?
A. Note the finding and request formal acceptance.
B. Include the finding in the follow-up audit.
C. Amend the data classification policy.
D. Form a committee and further investigate the issue.