Certified Information Systems Auditor (CISA) — Question 1031

An IS auditor is reviewing the installation of a new server. The IS auditor's PRIMARY objective is to ensure that:

Answer options

• A. security parameters are set in accordance with the manufacturer's standards.
• B. security parameters are set in accordance with the organization's policies.
• C. a detailed business case was formally approved prior to the purchase.
• D. the procurement project invited tenders from at least three different suppliers.

Correct answer: B

Explanation

The correct answer is B because the primary focus of an IS auditor is to ensure compliance with the organization's policies, which govern security standards. While options A, C, and D are important considerations, they do not directly address the auditor's main responsibility regarding security compliance.