Certified Information Systems Auditor (CISA) — Question 1280

An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider
MOST critical?

Answer options

• A. The quality of the data is not monitored.
• B. The transfer protocol does not require authentication.
• C. Imported data is not disposed frequently.
• D. The transfer protocol is not encrypted.

Correct answer: B

Explanation

The most critical finding is that the transfer protocol does not require authentication, as this could allow unauthorized users to access sensitive data. While data quality, disposal frequency, and encryption are important, they do not pose as immediate a security risk as a lack of authentication, which directly impacts data integrity and confidentiality.