Certified Information Systems Auditor (CISA) — Question 1360
Which of the following is the PRIMARY role of the IS auditor in an organization's information classification process?
Answer options
- A. Securing information assets in accordance with the classification assigned
- B. Validating that assets are protected according to assigned classification
- C. Ensuring classification levels align with regulatory guidelines
- D. Defining classification levels for information assets within the organization
Correct answer: B
Explanation
The correct answer is B because the IS auditor's primary duty is to ensure that information assets are protected in accordance with the classification assigned to them. Options A and D describe actions that are not primarily the auditor's responsibility, while option C focuses on regulatory alignment, which is not the primary role of the auditor in this context.