Certified Information Systems Auditor (CISA) — Question 1313

During an operational audit of a biometric system used to control physical access, which of the following should be of GREATEST concern to an IS auditor?

Answer options

• A. False positives
• B. User acceptance of biometrics
• C. False negatives
• D. Lack of biometric training

Correct answer: A

Explanation

False positives are critical because they can lead to unauthorized access, allowing individuals who should not be granted entry to gain access. While user acceptance and training are important for usability and effectiveness, false negatives and the lack of training do not pose the same immediate risk to security as false positives do.