CISA Certified Information Systems Auditor – Question2616

An IS auditor has discovered that unauthorized customer management software was installed on a workstation. The auditor determines the software has been uploading customer data to an external party. Which of the following is the IS auditor’s BEST course of action?

A.
Review other workstations to determine the extent of the incident.
B. Determine the number of customer records that were uploaded.
C. Notify the incident response team.
D. Present the issue at the next audit progress meeting.

Correct Answer: C