Certified Information Systems Auditor (CISA) — Question 53

Which of the following would be MOST effective to protect information assets in a data center from theft by a vendor?

Answer options

• A. Conceal data devices and information labels.
• B. Issue an access card to the vendor.
• C. Monitor and restrict vendor activities.
• D. Restrict use of portable and wireless devices.

Correct answer: C

Explanation

The most effective way to protect information assets is to monitor and restrict vendor activities, as this ensures that their actions are supervised and any suspicious behavior can be addressed promptly. Concealing devices or issuing access cards does not provide adequate oversight, and restricting portable devices may not directly prevent theft by the vendor.