Certified Information Systems Auditor (CISA) — Question 1315
Which of the following should be of GREATEST concern to an IS auditor conducting an audit of an organization that recently experienced a ransomware attack?
Answer options
- A. Antivirus software was unable to prevent the attack even though it was properly updated.
- B. Backups were only performed within the local network.
- C. The most recent security patches were not tested prior to implementation.
- D. Employees were not trained on cybersecurity policies and procedures.
Correct answer: B
Explanation
The correct answer is B. Backups kept only within the local network are a significant risk in a ransomware attack, because they are exposed to the same attack as the systems they protect, and losing them can mean losing critical data. Options A, C, and D are also concerns, but none of them directly affects the organization's ability to recover data after a ransomware incident the way backups do.