Certified Information Systems Auditor (CISA) — Question 1143
An IS auditor is preparing for a review of controls associated with a manufacturing plant’s implementation of industrial Internet of Things (IoT) infrastructure. Which of the following vulnerabilities would present the GREATEST security risk to the organization?
Answer options
- A. Insufficient physical security around the IoT devices for theft prevention
- B. Use of open-source software components within the IoT devices
- C. Constraints in IoT device firmware storage space for code upgrades
- D. IoT devices that are not using wireless network connectivity
Correct answer: C
Explanation
The correct answer is C because constraints in IoT device firmware storage space make it difficult to implement necessary code upgrades, which can leave devices vulnerable to attacks. Options A and B are significant risks but do not have as immediate an impact on the device's operational security as firmware storage constraints. Option D is less relevant since not using wireless connectivity may actually reduce some risks, rather than increase them.