Certified Information Systems Auditor (CISA) — Question 533

During a review of IT service desk practices, an IS auditor notes that help desk personnel are spending more time fulfilling user requests for password resets than resolving critical incidents. Which of the following recommendations to IT management would BEST address this situation?

Answer options

• A. Calculate the age of incident tickets and alert senior IT personnel when they exceed service level agreements (SLAs).
• B. Provide annual password management training to end users to reduce the number of instances requiring password resets.
• C. Incentivize service desk personnel to close incidents within agreed service levels.
• D. Implement a self-service solution and redirect users to access frequently requested services.

Correct answer: D

Explanation

The correct answer, D, addresses the root cause by allowing users to manage their own password resets, thereby freeing up help desk personnel to focus on critical incidents. Option A focuses on monitoring incident age, which does not solve the immediate issue. Option B offers a preventative measure but may not significantly reduce the number of requests. Option C incentivizes performance but does not directly tackle the high volume of password reset requests.