Certified Information Systems Auditor (CISA) — Question 1065

A secure server room has a badge reader system that records name, date, and time information whenever a staff member uses a badge to enter or exit. When reviewing the system logs, an IS auditor notices records for some employees entering, but not exiting, the room. Which of the following would be the MOST effective compensating control to recommend?

Answer options

• A. Installing security cameras at the doors
• B. Implementing a monitored mantrap at entrance and exit points
• C. Changing to a biometric access control system
• D. Requiring two-factor authentication at entrance and exit points

Correct answer: A

Explanation

Installing security cameras at the doors would provide a visual record of who enters and exits, helping to identify any discrepancies. While a mantrap or biometric system could enhance security, they may not directly address the issue of tracking entries and exits as effectively as cameras. Two-factor authentication is useful but does not provide a physical record of movements in and out of the server room.