Certified Information Systems Auditor (CISA) — Question 508
For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization's information security plan includes:
Answer options
- A. security training prior to implementation.
- B. the firewall configuration for the web server.
- C. security requirements for the new application.
- D. attributes for system passwords.
Correct answer: C
Explanation
The correct answer is C because establishing security requirements for the new application is crucial for protecting sensitive trading data. While security training, firewall configuration, and password attributes are important, they are secondary to ensuring the application itself is designed with robust security measures.