Certified Information Systems Auditor (CISA) — Question 352

Which of the following should an IS auditor be MOST concerned with when reviewing the IT asset disposal process?

Answer options

• A. Data stored on the asset
• B. Certificate of destruction
• C. Monetary value of the asset
• D. Data migration to the new asset

Correct answer: A

Explanation

The correct answer is A because the primary concern in IT asset disposal is ensuring that all sensitive data is completely removed to prevent data breaches. While the certificate of destruction (B) and the monetary value (C) are important, they are not as critical as the protection of data. Data migration (D) is also relevant but is secondary to the need to secure the data on the asset being disposed of.