Certified Information Systems Auditor (CISA) — Question 27

Using swipe cards to limit employee access to restricted areas requires implementing which additional control?

Answer options

• A. Physical sign-in of all employees for access to restricted areas
• B. Initial escort of all new hires by a current employee
• C. Periodic review of access profiles by management
• D. Employee-access criteria determined on the basis of IS experience

Correct answer: C

Explanation

The correct option, C, emphasizes the importance of management regularly reviewing access profiles to ensure that only authorized personnel can enter restricted areas. Options A and B do not provide an ongoing control mechanism; they are more about initial procedures. Option D is not suitable as it focuses on criteria rather than the management oversight needed to maintain security.