Certified Information Systems Auditor (CISA) — Question 1300

Which of the following is an IS auditor's GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?

Answer options

• A. The organization may not be in compliance with licensing agreements.
• B. System functionality may not meet business requirements.
• C. The system may have version control issues.
• D. The organization may be more susceptible to cyber-attacks.

Correct answer: D

Explanation

The correct answer is D because outdated software can contain vulnerabilities that make systems more attractive targets for cyber-attacks. While compliance with licensing agreements (A), system functionality (B), and version control issues (C) are important, they do not pose as immediate a risk to security as susceptibility to cyber threats.