CISA Certified Information Systems Auditor – Question0317

An IS auditor finds that one employee has unauthorized access to confidential data. The IS auditor’s BEST recommendation should be to:

A.
reclassify the data to a lower level of confidentiality.
B. recommend corrective actions to be taken by the security administrator.
C. implement a strong password schema for users.
D. require the business owner to conduct regular access reviews.

Correct Answer: B