CISA Certified Information Systems Auditor – Question2979

Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation?

A. Assess the impact of patches prior to installation.
B. Ask the vendors for a new software version with all fixes included.
C. Install the security patch immediately.
D. Decline to deal with these vendors in the future.

Correct Answer: A

Explanation:
The effect of installing the patch should be immediately evaluated, and installation should occur based on the results of the evaluation. Installing the patch without knowing what it might affect could easily cause problems. New software versions with all fixes included are not always available, and a full installation could be time-consuming. Declining to deal with vendors does not take care of the flaw.