Certified Information Systems Auditor (CISA) — Question 1192

An IS auditor is reviewing desktop software profiles and notes that a user has downloaded and installed several games that are not approved by the company. Which of the following is the MOST significant risk that could result from this situation?

Answer options

• A. Violation of user’s privacy
• B. Potential for malware
• C. Noncompliance with the acceptable use policy
• D. Interoperability issues with company software

Correct answer: B

Explanation

The most significant risk is the potential for malware, as unapproved games can introduce harmful software that compromises the security of the system. While violations of privacy, noncompliance with policies, and interoperability issues are concerns, they do not pose as immediate a threat to system integrity as the introduction of malware does.