Certified Information Systems Auditor (CISA) — Question 1037
A business area received an audit finding because an administrator made unapproved emergency changes to a critical system. Which of the following would BEST prevent unapproved changes in the future?
Answer options
- A. Two-factor authentication on emergency access accounts
- B. Updated emergency change management procedures
- C. Regular emergency change-control log reviews
- D. Dual-control temporary emergency access accounts
Correct answer: D
Explanation
The correct answer is D because dual-control temporary emergency access accounts require two administrators to approve changes, significantly reducing the risk of unapproved modifications. Options A and B enhance security and procedures, respectively, but neither enforces the dual control needed to prevent unauthorized changes. Option C, while useful for oversight, reviews changes only after they have been made and so does not proactively prevent them from occurring.