Certified Information Systems Auditor (CISA) — Question 1111
An IS auditor detects the presence of known ransomware indicators. What should the auditor do NEXT?
Answer options
- A. Research the type of ransomware to determine the associated risk.
- B. Recommend a tool to remove the ransomware from the server.
- C. Notify the parties responsible for the server.
- D. Determine whether documented procedures exist for ransomware removal.
Correct answer: C
Explanation
The correct answer is C because notifying the responsible parties is crucial for immediate action to mitigate potential damage. Researching the ransomware type (A), recommending removal tools (B), and checking for procedures (D) are all important, but they should come after ensuring that those in charge are aware of the situation.