Certified Information Systems Auditor (CISA) — Question 1007
A new regulation has been enacted that mandates specific information security practices for the protection of customer data. Which of the following is MOST useful for an IS auditor to review when auditing against the regulation?
Answer options
- A. Compliance gap analysis
- B. Customer data protection roles and responsibilities
- C. Customer data flow diagram
- D. Benchmarking studies of adaptation to the new regulation
Correct answer: A
Explanation
A compliance gap analysis is essential because it identifies discrepancies between current practices and the new regulation, helping the auditor focus on areas needing improvement. The other options provide valuable information but do not directly assess compliance against the specific requirements of the regulation.