CISA Certified Information Systems Auditor – Question0618

A review of Internet security disclosed that users have individual user accounts with the Internet service providers (ISPs) and use these accounts for downloading business data. The organization wants to ensure that only corporate network is used. The organization should FIRST:

A.
use a proxy server to filter out Internet sites that should not be accessed.
B. keep a manual log of Internal access.
C. monitor remote access activities.
D. include a statement in its security policy about Internet use.

Correct Answer: D