CISA Certified Information Systems Auditor – Question0159

An IS auditor is planning to audit an organization’s infrastructure for access, patching, and change management. Which of the following is the BEST way to prioritize the systems?

A.
Complexity of the environment
B. Criticality of the system
C. System hierarchy within the infrastructure
D. System retirement plan

Correct Answer: B