Certified Information Systems Auditor (CISA) — Question 136
An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor's BEST recommendation would be to:
Answer options
- A. recruit more monitoring personnel.
- B. establish criteria for reviewing alerts.
- C. reduce the firewall rules.
- D. fine tune the intrusion detection system (IDS).
Correct answer: D
Explanation
The correct answer is D. False positives originate in the detection layer, so the root cause is the IDS itself: its signatures, thresholds and sensitivity are generating alerts for traffic that is not actually malicious. Fine-tuning the IDS (disabling or suppressing rules that fire on known-benign traffic, adjusting thresholds and rate limits, and excluding authorised scanners or monitoring hosts) reduces the volume of false positives at the source rather than managing the symptom downstream. Option A adds cost and people to review noise without reducing it. Option B (criteria for reviewing alerts) improves triage but leaves the same number of false positives flowing into the log management system. Option C is unrelated to IDS alert quality: fewer firewall rules would not reduce false positives and could weaken the security posture by allowing traffic that is currently blocked. When tuning is performed, each suppression or threshold change should be documented and approved so that genuine detections are not silenced along with the noise.
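As an illustration of what "fine-tuning the IDS" looks like in practice (this is an added example, not part of the original question or explanation), the following is a threshold/suppression configuration in the format used by Snort and Suricata (`threshold.conf`). The signature IDs, host addresses and network ranges are hypothetical placeholders chosen for the example, not values from the page; a real tuning exercise would start from the alert statistics of the system being audited.

```conf
# threshold.conf - example IDS tuning entries (hypothetical sig_ids and addresses)

# 1. Suppress a signature entirely for a known-benign source.
#    e.g. the authorised vulnerability scanner triggers "port scan" alerts every night.
suppress gen_id 1, sig_id 2000001, track by_src, ip 10.10.5.20

# 2. Suppress a signature for a whole internal range rather than globally,
#    so the same rule still fires for traffic from anywhere else.
suppress gen_id 1, sig_id 2000002, track by_src, ip 10.10.0.0/16

# 3. Rate-limit a chatty but legitimate signature: alert at most once per
#    source per 60 seconds instead of on every matching packet.
threshold gen_id 1, sig_id 2000003, type limit, track by_src, count 1, seconds 60

# 4. Raise the bar for a noisy signature: only alert once a source has
#    triggered it 10 times within 60 seconds (likely real brute force,
#    not a single mistyped password).
event_filter gen_id 1, sig_id 2000004, type threshold, track by_src, count 10, seconds 60

# 5. Report the first hit, then no more than once per 5 minutes per destination.
event_filter gen_id 1, sig_id 2000005, type both, track by_dst, count 1, seconds 300
```

The `suppress` entries remove alerts for specific sources or ranges without disabling the rule for everyone, while `threshold` and `event_filter` entries keep the rule active but cap how often it reports. Each entry should be tied to a documented reason (which host, why it is benign, who approved it) so the auditor can verify later that tuning did not quietly suppress real attacks.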