CISA Certified Information Systems Auditor – Question0359

An IS auditor notes that several users have not logged into an application for more than one year. Which of the following would be the BEST audit recommendation?

A.
Periodically review the information security policy.
B. Update the termination procedures.
C. Periodically review user access.
D. Delete the affected users’ IDs.

Correct Answer: C