Certified Information Systems Auditor (CISA) — Question 1365

Which of the following should be of GREATEST concern to an IS auditor reviewing a network printer disposal process?

Answer options

• A. Business units are allowed to dispose printers directly to authorized vendors.
• B. Inoperable printers are stored in an unsecured area.
• C. Disposal policies and procedures are not consistently implemented.
• D. Evidence is not available to verify printer hard drives have been sanitized prior to disposal.

Correct answer: D

Explanation

The correct answer is D because the absence of evidence confirming that printer hard drives have been sanitized indicates a significant risk of data leakage. While options A, B, and C raise concerns, they do not pose as immediate a threat to data security as the lack of verification for sanitization does.