CISA Certified Information Systems Auditor – Question2598

Following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?

A.
Employees are not required to sign a non-compete agreement.
B. Security education and awareness workshops have not been completed.
C. Users lack technical knowledge related to security and data protection.
D. Desktop passwords do not require special characters.

Correct Answer: C